Skip to content

feat: Forward extra kwargs (expires_in, issued_at) through ClientSecretJWT and PrivateKeyJWT#890

Open
liudonggalaxy wants to merge 1 commit into
authlib:mainfrom
liudonggalaxy:Dongliu/client_secret_jwt_private_key_jwt_kwargs
Open

feat: Forward extra kwargs (expires_in, issued_at) through ClientSecretJWT and PrivateKeyJWT#890
liudonggalaxy wants to merge 1 commit into
authlib:mainfrom
liudonggalaxy:Dongliu/client_secret_jwt_private_key_jwt_kwargs

Conversation

@liudonggalaxy

@liudonggalaxy liudonggalaxy commented May 15, 2026

Copy link
Copy Markdown
Contributor

What kind of change does this PR introduce?

This is a feature implementation

ClientSecretJWT and PrivateKeyJWT accept token_endpoint, claims, headers, and alg, but there is no way to control expires_in or issued_at for the generated JWT assertion. The underlying sign_jwt_bearer_assertion already supports these parameters, but they were not forwarded from the high-level classes.

Before:

 # No way to set a shorter token lifetime
 jwt_signer = ClientSecretJWT(token_endpoint="https://example.com/token")
 # Always generates a JWT with exp = iat + 3600 (1 hour)

Solution: Accept **kwargs in __init__(...) and forward them through sign() to client_secret_jwt_sign / private_key_jwt_sign, which already pass **kwargs to sign_jwt_bearer_assertion.

After:

 # Control expires_in and issued_at
 jwt_signer = ClientSecretJWT(
     token_endpoint="https://example.com/token",
     expires_in=300,  # 5-minute token lifetime
 )
 
 jwt_signer = PrivateKeyJWT(
     token_endpoint="https://example.com/token",
     issued_at=1700000000,
     expires_in=600,
 )

Fully backward compatible. No existing parameters changed. The kwargs only captures additional keyword arguments.

Checklist

  • The commits follow the conventional commits specification.
  • You ran the linters with prek.
  • You wrote unit test to demonstrate the bug you are fixing, or to stress the feature you are bringing.
  • You reached 100% of code coverage on the code you edited, without abusive use of pragma: no cover
  • If this PR is about a new feature, or a behavior change, you have updated the documentation accordingly.

  • You consent that the copyright of your pull request source code belongs to Authlib's author.

@liudonggalaxy liudonggalaxy force-pushed the Dongliu/client_secret_jwt_private_key_jwt_kwargs branch from 07a0cc1 to 6b86cdd Compare May 15, 2026 01:07
@liudonggalaxy liudonggalaxy marked this pull request as ready for review May 15, 2026 01:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant