Files
arnes/spec/sdd/components/token-service.md
rikrdo 3ff9b70e4c refactor: complete bootstrap of ARNES agent harness framework
- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
2026-05-17 23:25:35 +02:00

69 lines
1.4 KiB
Markdown

# TokenService Component
## Purpose
Generate, validate, and manage JWT tokens.
## Public API
### Methods
#### create_access_token(user: User) -> str
Generate a new JWT access token.
**Parameters:**
- `user`: User object with id, email, role
**Returns:** JWT token string
**Token claims:**
```json
{
"sub": user.id,
"email": user.email,
"role": user.role,
"iat": current_timestamp,
"exp": current_timestamp + 900, # 15 min
"jti": uuid4()
}
```
#### create_refresh_token(user: User) -> str
Generate a new refresh token.
**Returns:** JWT refresh token (7 day expiration)
#### verify_token(token: str) -> TokenPayload
Validate and decode a JWT token.
**Parameters:**
- `token`: JWT token string
**Returns:** TokenPayload with claims
**Raises:**
- `ExpiredSignatureError`: Token expired
- `InvalidTokenError`: Token invalid/malformed
#### revoke_token(token_id: str, user_id: str) -> bool
Mark a token as revoked in session store.
**Parameters:**
- `token_id`: JWT jti claim
- `user_id`: User ID
**Returns:** True if revoked
---
## Configuration
```python
ACCESS_TOKEN_EXPIRE = 900 # 15 minutes
REFRESH_TOKEN_EXPIRE = 604800 # 7 days
ALGORITHM = "HS256" # or RS256 with key pair
SECRET_KEY = os.getenv("JWT_SECRET")
```
## Security
- Tokens include unique `jti` claim for revocation tracking
- Short access token duration minimizes theft window
- Refresh tokens stored in Redis for fast revocation