ace.core.jwt_user

class ace.core.jwt_user.JwtUser(payload: dict)[source]

Bases: object

Represents the authenticated user extracted from a decoded JWT Bearer token.

All standard claims from the Equisoft/Centralize token are exposed as typed properties. Any extra or custom claim is also accessible via get() or the subscript operator, so the class stays useful even when the token schema evolves.

Typical usage inside a script (self is any BaseRule subclass):

user = self.jwt_user

if user is None:
    # Request was made without a Bearer token
    ...

# Typed shorthand properties
print(user.application_user_id)   # int  – applicationUserId claim
print(user.user_id)               # int  – userId claim
print(user.email)                 # str  – email claim
print(user.name)                  # str  – name claim
print(user.org)                   # str  – org claim
print(user.roles)                 # list – roles claim
print(user.divisions)             # list – divisions claim
print(user.language_id)           # int  – languageId claim
print(user.application_uuid)      # str  – applicationUUID claim
print(user.subject)               # str  – sub claim
print(user.is_carbon)             # bool – isCarbon claim

# Access any claim by its original JWT key name
value = user.get("someCustomClaim", default="fallback")

# Dict-style access
value = user["someCustomClaim"]

# Membership test
if "someCustomClaim" in user:
    ...

# Full payload as a plain dict
payload = user.as_dict()

__init__(payload: dict)[source]

Parameters:: payload – The decoded JWT payload dict (as returned by jwt.decode()).

property application_user_id: int | None: applicationUserId claim – primary user identifier used by ACE scripts.

property user_id: int | None: userId claim.

property name: str | None: name claim – display name of the authenticated user.

property email: str | None: email claim.

property org: str | None: org claim – organisation name.

property roles: List[Any]: roles claim – list of role identifiers assigned to the user.

property divisions: List[str]: divisions claim – list of division names the user belongs to.

property language_id: int | None: languageId claim.

property application_uuid: str | None: applicationUUID claim.

property is_carbon: bool: isCarbon claim.

property is_commission: bool: isCommission claim.

property audience: list: aud claim – list of intended audiences for this token.

property subject: str | None: sub claim – UUID that uniquely identifies the user in the IdP.

property issuer: str | None: iss claim – token issuer URL.

property issued_at: int | None: iat claim – Unix timestamp when the token was issued.

property expires_at: int | None: exp claim – Unix timestamp when the token expires.

property not_before: int | None: nbf claim – Unix timestamp before which the token is not valid.

property jwt_id: str | None: jti claim – unique identifier for this specific token.

get(claim: str, default: Any = None) → Any[source]

Return the value of any claim by its original JWT key name.

Parameters:

claim – The raw claim key as it appears in the JWT payload (e.g. "applicationUserId", "someCustomClaim").
default – Value to return when the claim is absent.

__getitem__(claim: str) → Any[source]: Allow dict-style access: user["applicationUserId"].

__contains__(claim: str) → bool[source]: Support "claim" in user membership checks.

as_dict() → dict[source]: Return a copy of the full decoded JWT payload.

classmethod from_token(token: str) → JwtUser | None[source]

Decode a raw JWT string (without signature verification) and return a JwtUser instance, or None if decoding fails.

Parameters:: token – The raw Bearer token string (without the ``Bearer `` prefix).

classmethod from_payload(payload: dict) → JwtUser[source]: Build a JwtUser directly from an already-decoded payload dict.