From dbe25778281ded7db601520349e37a39a4b04ceb Mon Sep 17 00:00:00 2001 From: YurenHao0426 Date: Fri, 13 Feb 2026 19:06:33 +0000 Subject: Remove JWT token expiration Tokens no longer include an exp claim and decode skips expiry verification, so users stay authenticated indefinitely. Co-Authored-By: Claude Opus 4.6 --- backend/app/auth/utils.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'backend/app/auth/utils.py') diff --git a/backend/app/auth/utils.py b/backend/app/auth/utils.py index 5889279..f18d880 100644 --- a/backend/app/auth/utils.py +++ b/backend/app/auth/utils.py @@ -55,17 +55,16 @@ def get_password_hash(password: str) -> str: def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str: - """Create a JWT access token""" + """Create a JWT access token (no expiration by default)""" to_encode = data.copy() - expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)) - to_encode.update({"exp": expire}) + # No exp claim → token never expires return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) def decode_token(token: str) -> Optional[str]: """Decode a JWT token and return the username""" try: - payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) + payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM], options={"verify_exp": False}) username: str = payload.get("sub") return username except JWTError: -- cgit v1.2.3