From 2fb2afc733aae5eec3e18fa0cd7be3d49e538634 Mon Sep 17 00:00:00 2001
From: ff137
Date: Fri, 21 Jul 2023 10:39:26 +0200
Subject: [PATCH 1/6] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20upgrade=20`pyjwt`=20to?= =?UTF-8?q?=20latest?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: ff137
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 4be4b73b0f..ae33a54706 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ packaging~=20.4
 portalocker~=2.7.0
 prompt_toolkit~=2.0.9
 pydid~=0.3.6
-pyjwt~=2.4.0
+pyjwt~=2.8.0
 pyld~=2.0.3
 pynacl~=1.5.0
 python-dateutil~=2.8.1
From 2acf36a6988b638bfae28a282a06ea4b3c00dde3 Mon Sep 17 00:00:00 2001
From: ff137
Date: Mon, 24 Jul 2023 18:38:33 +0200
Subject: [PATCH 2/6] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20upgrade=20`pyjwt`=20to?= =?UTF-8?q?=202.5.0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: ff137
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index ddef3ec15d..1bc25bd56c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ packaging~=23.1
 portalocker~=2.7.0
 prompt_toolkit~=2.0.9
 pydid~=0.3.6
-pyjwt~=2.8.0
+pyjwt~=2.5.0
 pyld~=2.0.3
 pynacl~=1.5.0
 python-dateutil~=2.8.1
From 5d88a26dffa5f0c347360ca2ece71738a3c6b820 Mon Sep 17 00:00:00 2001
From: ff137
Date: Mon, 24 Jul 2023 19:25:49 +0200
Subject: [PATCH 3/6] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20upgrade=20`pyjwt`=20to?= =?UTF-8?q?=202.6.0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: ff137
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 1bc25bd56c..58e346fa88 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ packaging~=23.1
 portalocker~=2.7.0
 prompt_toolkit~=2.0.9
 pydid~=0.3.6
-pyjwt~=2.5.0
+pyjwt~=2.6.0
 pyld~=2.0.3
 pynacl~=1.5.0
 python-dateutil~=2.8.1
From e3f1eeb7f713943835b03b856e753015e63aaa96 Mon Sep 17 00:00:00 2001
From: ff137
Date: Mon, 24 Jul 2023 21:07:37 +0200
Subject: [PATCH 4/6] introduce leeway of 5s for `jwt.decode`
This addresses breaking change in `pyjwt` version 2.6 (https://github.com/jpadilla/pyjwt/pull/797), where validation will now raise an `ImmatureSignatureError` if the 'issued at' time is in the future. Integration tests fail with `pyjwt~=2.6`, potentially because of clock synchronization / network latency / time zone differences in `issued_at` time of the jwt, so a leeway of 5 seconds attempts to accommodate ant potential latency / clock sync issue
Signed-off-by: ff137
---
 aries_cloudagent/multitenant/base.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/aries_cloudagent/multitenant/base.py b/aries_cloudagent/multitenant/base.py
index 03fbb7a515..d28a3a1cf2 100644
--- a/aries_cloudagent/multitenant/base.py
+++ b/aries_cloudagent/multitenant/base.py
@@ -321,7 +321,7 @@ async def create_auth_token(
 def get_wallet_details_from_token(self, token: str) -> Tuple[str, str]:
 """Get the wallet_id and wallet_key from provided token."""
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"])
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")
 return wallet_id, wallet_key
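Review bot: `leeway=5` in `get_wallet_details_from_token` is not limited to the `iat` check the commit message targets; PyJWT applies the same leeway to `exp` and `nbf`, so if these tokens carry an expiry, an expired token remains acceptable for five more seconds. The same literal is repeated in the `get_profile_for_token` hunk that follows, so the two call sites can drift apart on a later edit. A single module-level constant with the reason recorded next to it, for example `JWT_LEEWAY_SECONDS = 5  # clock-skew tolerance; also widens exp/nbf`, passed as `leeway=JWT_LEEWAY_SECONDS` in both calls, would keep the tolerance explicit and reviewable.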
@@ -360,7 +360,7 @@ async def get_profile_for_token(
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
 extra_settings = {}
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"])
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")
From cebcbd655effbeec590ac23d26b5c60622887e7d Mon Sep 17 00:00:00 2001
From: ff137
Date: Mon, 24 Jul 2023 21:47:51 +0200
Subject: [PATCH 5/6] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20upgrade=20`pyjwt`=20to?= =?UTF-8?q?=202.8.0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: ff137
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index e6b1fa705e..88841288ff 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ packaging~=23.1
 portalocker~=2.7.0
 prompt_toolkit~=2.0.9
 pydid~=0.3.6
-pyjwt~=2.6.0
+pyjwt~=2.8.0
 pyld~=2.0.3
 pynacl~=1.5.0
 python-dateutil~=2.8.1
From 9f66f0982b4ea2400adc9d571a1f8f834ae618b3 Mon Sep 17 00:00:00 2001
From: ff137
Date: Mon, 24 Jul 2023 21:53:37 +0200
Subject: [PATCH 6/6] =?UTF-8?q?=F0=9F=90=9B=E2=9C=85=20introduce=20leeway?= =?UTF-8?q?=20of=201s=20for=20`jwt.decode`?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This addresses breaking change in `pyjwt` version 2.6 (https://github.com/jpadilla/pyjwt/pull/797), where validation will now raise an `ImmatureSignatureError` if the 'issued at' time is in the future, with default 0 leeway. Integration tests fail with `pyjwt~=2.6`, potentially because of clock synchronization / network latency between `issued_at` time at generation and decoding of the jwt; so, a leeway of 1 second accommodates any potential latency / clock sync issue
Signed-off-by: ff137
---
 aries_cloudagent/multitenant/base.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/aries_cloudagent/multitenant/base.py b/aries_cloudagent/multitenant/base.py
index d28a3a1cf2..6d07b52867 100644
--- a/aries_cloudagent/multitenant/base.py
+++ b/aries_cloudagent/multitenant/base.py
@@ -321,7 +321,7 @@ async def create_auth_token(
 def get_wallet_details_from_token(self, token: str) -> Tuple[str, str]:
 """Get the wallet_id and wallet_key from provided token."""
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=1)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")
 return wallet_id, wallet_key
@@ -360,7 +360,7 @@ async def get_profile_for_token(
 jwt_secret = self._profile.context.settings.get("multitenant.jwt_secret")
 extra_settings = {}
- token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=5)
+ token_body = jwt.decode(token, jwt_secret, algorithms=["HS256"], leeway=1)
 wallet_id = token_body.get("wallet_id")
 wallet_key = token_body.get("wallet_key")
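Review bot: The one-second tolerance is hard-coded at both `jwt.decode` calls and, going by the commit message, was picked because it makes the integration tests pass; nothing in these hunks lets an operator adjust it or explains the value at the call site. Where the issuing and verifying hosts' clocks differ by more than a second, a correctly signed token would presumably still fail with `ImmatureSignatureError`, and how callers of `get_profile_for_token` handle that error is outside the hunk (the function starts and ends outside it). Consider reading the value from settings next to `multitenant.jwt_secret` with a default of 1 and an upper bound, since the same leeway also extends `exp` acceptance. A unit test that decodes one token with `iat` just inside the leeway and one just outside it would pin the intended behaviour across future `pyjwt` upgrades.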