Add module for generating JWTs

[stveit]

#2481

partial replacement for #2569

Adds functions for generating access and refresh Tokens of the Jason Web variety.

The expiry values should probably be configurable, but I'd rather do that in a separate PR since it would require
deciding the granularity of expiry (seconds, minutes, hours), updating docs etc etc ..

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.48%. Comparing base (2dda1eb) to head (cd9e8fb).
Report is 13 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2948      +/-   ##
==========================================
+ Coverage   60.47%   60.48%   +0.01%     
==========================================
  Files         603      604       +1     
  Lines       43771    43792      +21     
  Branches       48       48              
==========================================
+ Hits        26469    26489      +20     
- Misses      17290    17291       +1     
  Partials       12       12              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[hmpf]

Looks fine to me. Why is 'name' and 'aud' identical?

[stveit]

Looks fine to me. Why is 'name' and 'aud' identical?

name is the name of the local nav server, and these local tokens are made to be used for the local nav server, hence the audience (aud) is the same as the name for the server. iss is also the same as name and aud, since the server issues them itself

[lunkwill42]

Looks a-ok, but I have questions I want clarified before I give the green light :)

[lunkwill42]

Just curious why you picked "module" scope for this fixture?

[stveit]

If i remember correctly, fixtures with "module" scope can only use other fixtures that are also "module" scope or higher, so since jwtconf_mock(which is "module" scope) uses this, this also has to be "module" scope

[lunkwill42]

The reason I ask is that I can't recall ever seeing any particular use-case for module scoped fixtures.

I.e. test scoped fixtures are run on every test. module scoped fixtures are only run once per test module. session-scoped fixtures are run once per full test session.

If a test fixture is only ever defined and used within a single module, then I don't see that there is a principal difference between assigning module or session scope to it, so I was curious why you picked module.

[stveit]

Ah I see what you mean. I think my rationality here was to use the lowest level scope that still fulfilled the needs. I looked at the options and module seemed to fit the best in this case.

[lunkwill42]

The reason I ask is that I can't recall ever seeing any particular use-case for module scoped fixtures.

I.e. test scoped fixtures are run on every test. module scoped fixtures are only run once per test module. session-scoped fixtures are run once per full test session.

If a test fixture is only ever defined and used within a single module, then I don't see that there is a principal difference between assigning module or session scope to it, so I was curious why you picked module.