Hi @jgontrum, first I'd like to thank you very much for your work; you saved me a lot of time with this.
There are just two possible issues that I'd like to mention:
- it seems to me that checking the scheme is already done in HTTPBearer, so there is probably no need to do it as well in JWTBearer;
- IMPORTANT: I cannot see where the token expiration time is checked in this code.
On my side, I have added a check before token verification, after building jwt_credentials:

    # check token expiration
    if time.time() > int(jwt_credentials.claims['exp']):
        raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Token expired")
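
An added example, not part of the comment above or of the gist's code: a stand-alone expiry check that fails closed when `exp` is missing, non-numeric or non-finite, rather than raising an unhandled error or comparing against NaN. `TokenRejected`, `unverified_claims`, `check_exp` and `constructed_token` are hypothetical names introduced for illustration, and the check is only meaningful when signature verification of the same token also succeeds.

```python
import base64
import json
import math
import time
from typing import Optional


class TokenRejected(Exception):
    """Token must not be accepted; the app would map this to an HTTP 4xx."""


def unverified_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a three-part compact token")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as err:  # bad base64, bad UTF-8 or bad JSON
        raise TokenRejected("payload is not base64url-encoded JSON") from err
    if not isinstance(claims, dict):
        raise TokenRejected("claims are not a JSON object")
    return claims


def check_exp(claims: dict, now: Optional[float] = None, leeway: int = 0) -> int:
    """Return exp if the token is still valid, else raise TokenRejected."""
    exp = claims.get("exp")
    # RFC 7519 NumericDate is a JSON number: reject None, strings and bools
    # (bool is an int subclass in Python).
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise TokenRejected("exp claim missing or not a number")
    # json.loads accepts NaN/Infinity; "now >= NaN" is False, so it never expires.
    if isinstance(exp, float) and not math.isfinite(exp):
        raise TokenRejected("exp claim is not finite")
    now = time.time() if now is None else now
    if now >= exp + leeway:  # RFC 7519: now must be *before* exp
        raise TokenRejected("token expired")
    return int(exp)


def constructed_token(claims: dict) -> str:
    """Unsigned sample token built for this demo (not a real issued token)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"
```
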