Use "sub" claim instead of "user_id" for JWT, verify and reset password tokens

2025-11-03 13:42:16 +08:00 · 2023-01-16 11:44:42 +01:00
parent 794133c4fe
commit b18389439a
4 changed files with 12 additions and 12 deletions
--- a/tests/test_authentication_strategy_jwt.py
+++ b/tests/test_authentication_strategy_jwt.py
@ -79,7 +79,7 @@ def token(jwt_strategy: JWTStrategy[UserModel, IDType]):
    def _token(user_id=None, lifetime=LIFETIME):
        data = {"aud": "fastapi-users:auth"}
        if user_id is not None:
-            data["user_id"] = str(user_id)
+            data["sub"] = str(user_id)
        return generate_jwt(
            data, jwt_strategy.encode_key, lifetime, algorithm=jwt_strategy.algorithm
        )
@ -148,7 +148,7 @@ async def test_write_token(jwt_strategy: JWTStrategy[UserModel, IDType], user):
        audience=jwt_strategy.token_audience,
        algorithms=[jwt_strategy.algorithm],
    )
-    assert decoded["user_id"] == str(user.id)
+    assert decoded["sub"] == str(user.id)


@pytest.mark.parametrize("jwt_strategy", ["HS256", "RS256", "ES256"], indirect=True)
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@ -35,7 +35,7 @@ def verify_token(user_manager: UserManagerMock[UserModel]):
    ):
        data = {"aud": user_manager.verification_token_audience}
        if user_id is not None:
-            data["user_id"] = str(user_id)
+            data["sub"] = str(user_id)
        if email is not None:
            data["email"] = email
        return generate_jwt(data, user_manager.verification_token_secret, lifetime)
@ -52,7 +52,7 @@ def forgot_password_token(user_manager: UserManagerMock[UserModel]):
    ):
        data = {"aud": user_manager.reset_password_token_audience}
        if user_id is not None:
-            data["user_id"] = str(user_id)
+            data["sub"] = str(user_id)
        if current_password_hash is not None:
            data["password_fgpt"] = user_manager.password_helper.hash(
                current_password_hash
@ -299,7 +299,7 @@ class TestRequestVerifyUser:
            user_manager.verification_token_secret,
            audience=[user_manager.verification_token_audience],
        )
-        assert decoded_token["user_id"] == str(user.id)
+        assert decoded_token["sub"] == str(user.id)
        assert decoded_token["email"] == str(user.email)


@ -413,7 +413,7 @@ class TestForgotPassword:
            user_manager.reset_password_token_secret,
            audience=[user_manager.reset_password_token_audience],
        )
-        assert decoded_token["user_id"] == str(user.id)
+        assert decoded_token["sub"] == str(user.id)

        valid_fingerprint, _ = user_manager.password_helper.verify_and_update(
            user.hashed_password, decoded_token["password_fgpt"]