From 2123b2da31eef0f3e185aaa9760dbdb883012fe8 Mon Sep 17 00:00:00 2001
From: Shuchang Zheng
Date: Sun, 3 Mar 2024 17:01:14 -0500
Subject: [PATCH] make signature algorithm configurable (#7)
---
 skyvern/config.py | 3 +++
 skyvern/forge/sdk/core/security.py | 9 ++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/skyvern/config.py b/skyvern/config.py
index 6510d714..b973c946 100644
--- a/skyvern/config.py
+++ b/skyvern/config.py
@@ -29,7 +29,10 @@ class Settings(BaseSettings):
 JSON_LOGGING: bool = False
 PORT: int = 8000
+ # Secret key for JWT. Please generate your own secret key in production
 SECRET_KEY: str = "RX1NvhujcJqBPi8O78-7aSfJEWuT86-fll4CzKc_uek"
+ # Algorithm used to sign the JWT
+ SIGNATURE_ALGORITHM: str = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 7 # one week
 SKYVERN_API_KEY: str = "SKYVERN_API_KEY"
diff --git a/skyvern/forge/sdk/core/security.py b/skyvern/forge/sdk/core/security.py
index bb08a7bd..62b5b906 100644
--- a/skyvern/forge/sdk/core/security.py
+++ b/skyvern/forge/sdk/core/security.py
@@ -5,10 +5,9 @@ from typing import Any, Union
 from jose import jwt
+from skyvern.config import settings
 from skyvern.forge.sdk.settings_manager import SettingsManager
-ALGORITHM = "HS256"
-
 def create_access_token(
 subject: Union[str, Any],
@@ -21,7 +20,11 @@ def create_access_token(
 minutes=SettingsManager.get_settings().ACCESS_TOKEN_EXPIRE_MINUTES,
 )
 to_encode = {"exp": expire, "sub": str(subject)}
- encoded_jwt = jwt.encode(to_encode, SettingsManager.get_settings().SECRET_KEY, algorithm=ALGORITHM)
+ encoded_jwt = jwt.encode(
+ to_encode,
+ SettingsManager.get_settings().SECRET_KEY,
+ algorithm=settings.SIGNATURE_ALGORITHM,
+ )
 return encoded_jwt
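Review bot: The `SECRET_KEY` default in `Settings` is a literal committed to the repository, and the comment added above it only asks operators to replace it; nothing in this hunk enforces that. A deployment that starts without overriding the value signs its tokens with a key that anyone can read from the source tree, so those tokens no longer prove anything about who issued them. Consider dropping the default so that loading the settings fails when the key is unset, or rejecting the shipped value at startup outside local development. Separately, `SIGNATURE_ALGORITHM` accepts any string while the key is a shared secret; narrowing the annotation, e.g. `SIGNATURE_ALGORITHM: Literal["HS256", "HS384", "HS512"] = "HS256"`, would catch a mistyped or non-HMAC name at load time rather than at the first token issue. The `Settings` class body continues outside the hunk, and `Literal` would need importing there.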
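Review bot: The new `jwt.encode(...)` call in `create_access_token` reads the key and the algorithm from two different settings sources: `SettingsManager.get_settings().SECRET_KEY` and the module-level `settings.SIGNATURE_ALGORITHM` imported in the first hunk of this file. If `SettingsManager` is ever pointed at a different settings object, the algorithm would silently stay on the value from `skyvern.config` while the key follows the override. Using `algorithm=SettingsManager.get_settings().SIGNATURE_ALGORITHM,` keeps both on one source and makes the added `from skyvern.config import settings` import unnecessary. The verification side is not visible in this patch; any code that imported the removed `ALGORITHM` constant should be checked, and the decoder should pin its accepted algorithms to the same configured value. The body of `create_access_token` begins outside the hunk.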