Remove JWT token expiration

Tokens no longer include an exp claim and decode skips expiry verification, so users stay authenticated indefinitely. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
author: YurenHao0426 <blackhao0426@gmail.com> 2026-02-13 19:06:33 +0000
committer: YurenHao0426 <blackhao0426@gmail.com> 2026-02-13 19:06:33 +0000
commit: dbe25778281ded7db601520349e37a39a4b04ceb (patch)
tree: 6045bf31f1ed9c35af58aea7c4de4b2821f62025
parent: 6cfdb2b1c0af822376d57cc49b525d5641dfdbac (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/backend/app/auth/utils.py b/backend/app/auth/utils.py
index 5889279..f18d880 100644
--- a/backend/app/auth/utils.py
+++ b/backend/app/auth/utils.py
@@ -55,17 +55,16 @@ def get_password_hash(password: str) -> str:
 
 
 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
-    """Create a JWT access token"""
+    """Create a JWT access token (no expiration by default)"""
     to_encode = data.copy()
-    expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
-    to_encode.update({"exp": expire})
+    # No exp claim → token never expires
     return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
 
 
 def decode_token(token: str) -> Optional[str]:
     """Decode a JWT token and return the username"""
     try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM], options={"verify_exp": False})
         username: str = payload.get("sub")
         return username
     except JWTError:
author	YurenHao0426 <blackhao0426@gmail.com>	2026-02-13 19:06:33 +0000
committer	YurenHao0426 <blackhao0426@gmail.com>	2026-02-13 19:06:33 +0000
commit	dbe25778281ded7db601520349e37a39a4b04ceb (patch)
tree	6045bf31f1ed9c35af58aea7c4de4b2821f62025
parent	6cfdb2b1c0af822376d57cc49b525d5641dfdbac (diff)