Remove IAT from server side token. (#198)

* Generate JWT valid 5 seconds before generation

* fix test

* remove iat from server side token

Author: vagruchi

getstream/stream.py

@@ -101,7 +101,9 @@ def create_token(
         if user_id is None or user_id == "":
             raise ValueError("user_id is required")
 
-        return self._create_token(user_id=user_id, expiration=expiration)
+        return self._create_token(
+            user_id=user_id, expiration=expiration, iat=int(time.time()) - 5
+        )
 
     def create_call_token(
         self,
@@ -111,7 +113,11 @@ def create_call_token(
         expiration: int = None,
     ):
         return self._create_token(
-            user_id=user_id, call_cids=call_cids, role=role, expiration=expiration
+            user_id=user_id,
+            call_cids=call_cids,
+            role=role,
+            expiration=expiration,
+            iat=int(time.time() - 5),
         )
 
     def _create_token(
@@ -121,12 +127,14 @@ def _create_token(
         call_cids: List[str] = None,
         role: str = None,
         expiration=None,
+        iat: int = None,
     ):
         now = int(time.time())
 
-        claims = {
-            "iat": now,
-        }
+        claims = {}
+
+        if iat is not None:
+            claims["iat"] = iat
 
         if channel_cids is not None:
             claims["channel_cids"] = channel_cids

tests/test_video_integration.py

@@ -62,7 +62,8 @@ def test_create_token_with_expiration(client: Stream):
     assert token is not None
     decoded = jwt.decode(token, client.api_secret, algorithms=["HS256"])
     assert decoded["iat"] is not None
-    assert decoded["exp"] == decoded["iat"] + 10
+    # 5 seconds to avoid clock skew and 10 seconds - expiration
+    assert decoded["exp"] == decoded["iat"] + 5 + 10
     assert decoded["user_id"] == "tommaso"