Use timezone-aware datetime in JWT token generation

borys25ol · borys25ol · commit 6f9609ef539a · 2026-01-24T16:20:44.000+02:00
diff --git a/conduit/services/auth_token.py b/conduit/services/auth_token.py
@@ -1,4 +1,4 @@
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 
 import jwt
 from structlog import get_logger
@@ -22,15 +22,21 @@ def __init__(
         self._token_expiration_minutes = token_expiration_minutes
 
     def generate_jwt_token(self, user: UserDTO) -> str:
-        expire = datetime.now() + timedelta(minutes=self._token_expiration_minutes)
-        payload = {"user_id": user.id, "username": user.username, "exp": expire}
+        now = datetime.now(timezone.utc)
+        expire = now + timedelta(minutes=self._token_expiration_minutes)
+        payload = {
+            "user_id": user.id,
+            "username": user.username,
+            "iat": now,
+            "exp": expire,
+        }
         return jwt.encode(payload, self._secret_key, algorithm=self._algorithm)
 
     def parse_jwt_token(self, token: str) -> TokenPayloadDTO:
         try:
             payload = jwt.decode(token, self._secret_key, algorithms=[self._algorithm])
         except jwt.InvalidTokenError as err:
-            logger.error("Invalid JWT token", token=token, error=err)
+            logger.error("Invalid JWT token", error=err)
             raise IncorrectJWTTokenException()
 
         return TokenPayloadDTO(user_id=payload["user_id"], username=payload["username"])
