jwt token: add required claims

ikreymer · ikreymer · commit 8ddcde79992a · 2026-03-12T16:07:17.000-07:00
diff --git a/backend/btrixcloud/auth.py b/backend/btrixcloud/auth.py
@@ -112,7 +112,13 @@ def generate_jwt(data: dict, minutes: int) -> str:
 # ============================================================================
 def decode_jwt(token: str, audience: Optional[List[str]] = None) -> dict:
     """decode JWT token"""
-    return jwt.decode(token, PASSWORD_SECRET, algorithms=[ALGORITHM], audience=audience)
+    return jwt.decode(
+        token,
+        PASSWORD_SECRET,
+        algorithms=[ALGORITHM],
+        options={"require": ["exp", "aud", "sub"]},
+        audience=audience,
+    )
 
 
 # ============================================================================
