jwt compatability

nhsdevws · nhsdevws · commit 56f157c91acc · 2025-07-30T16:19:30.000+01:00
diff --git a/lambdas/id_sync/poetry.lock b/lambdas/id_sync/poetry.lock
diff --git a/lambdas/id_sync/pyproject.toml b/lambdas/id_sync/pyproject.toml
@@ -27,6 +27,7 @@ coverage = "^7.8.0"
 redis = "^4.6.0"
 jwt = "^1.4.0"
 cache = "^1.0.3"
+pyjwt = "^2.10.1"
 
 [tool.poetry.group.dev.dependencies]
 coverage = "^7.8.0"
diff --git a/lambdas/shared/src/common/authentication.py b/lambdas/shared/src/common/authentication.py
@@ -8,6 +8,7 @@
 
 from .cache import Cache
 from common.models.errors import UnhandledResponseError
+from common.clients import logger
 
 
 class Service(Enum):
@@ -37,7 +38,9 @@ def get_service_secrets(self):
         return secret_object
 
     def create_jwt(self, now: int):
+        logger.info("create_jwt")
         secret_object = self.get_service_secrets()
+        logger.info(f"Secret object: {secret_object}")
         claims = {
             "iss": secret_object['api_key'],
             "sub": secret_object['api_key'],
@@ -46,17 +49,45 @@ def create_jwt(self, now: int):
             "exp": now + self.expiry,
             "jti": str(uuid.uuid4())
         }
-        return jwt.encode(claims, secret_object['private_key'], algorithm='RS512',
-                          headers={"kid": secret_object['kid']})
+        logger.info(f"JWT claims: {claims}")
+        # ✅ Version-compatible JWT encoding
+        try:
+            # PyJWT 2.x
+            return jwt.encode(
+                claims,
+                secret_object['private_key'],
+                algorithm='RS512',
+                headers={"kid": secret_object['kid']}
+            )
+        except TypeError:
+            # PyJWT 1.x (older versions return bytes)
+            token = jwt.encode(
+                claims,
+                secret_object['private_key'],
+                algorithm='RS512',
+                headers={"kid": secret_object['kid']}
+            )
+            # Convert bytes to string if needed
+            return token.decode('utf-8') if isinstance(token, bytes) else token
 
     def get_access_token(self):
+        logger.info("get_access_token")
         now = int(time.time())
+        logger.info(f"Current time: {now}, Expiry time: {now + self.expiry}")
+        # Check if token is cached and not expired
+        logger.info(f"Cache key: {self.cache_key}")
+        logger.info("Checking cache for access token")
         cached = self.cache.get(self.cache_key)
+        logger.info(f"Cached token: {cached}")
         if cached and cached["expires_at"] > now:
+            logger.info("Returning cached access token")
             return cached["token"]
 
+        logger.info("No valid cached token found, creating new token")
         _jwt = self.create_jwt(now)
 
+        logger.info(f"JWT created: {_jwt}")
+
         headers = {
             'Content-Type': 'application/x-www-form-urlencoded'
         }
diff --git a/lambdas/shared/src/common/pds_service.py b/lambdas/shared/src/common/pds_service.py
@@ -8,6 +8,7 @@
 
 class PdsService:
     def __init__(self, authenticator: AppRestrictedAuth, environment):
+        logger.info(f"PdsService init: {environment}")
         self.authenticator = authenticator
 
         self.base_url = f"https://{environment}.api.service.nhs.uk/personal-demographics/FHIR/R4/Patient" \
@@ -17,6 +18,7 @@ def __init__(self, authenticator: AppRestrictedAuth, environment):
 
     def get_patient_details(self, patient_id) -> dict | None:
         logger.info(f"PDS. Get patient details for ID: {patient_id}")
+        logger.info("PDS. Getting access token")
         access_token = self.authenticator.get_access_token()
         logger.info(f"PDS. Access token: {access_token}")
         request_headers = {
