interuss · BenjaminPelletier · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026 · Mar 21, 2026
diff --git a/monitoring/monitorlib/auth_validation.py b/monitoring/monitorlib/auth_validation.py
@@ -11,7 +11,7 @@
 class Authorization(NamedTuple):
     client_id: str
     scopes: list[str]
-    issuer: str
+    issuer: str | None
 
 
 class InvalidScopeError(Exception):
@@ -99,6 +99,7 @@ def wrapper(*args, **kwargs):
                         client_id = (
                             r["client_id"] if "client_id" in r else r.get("sub", None)
                         )
+                        assert isinstance(client_id, str)
                     except jwt.ImmatureSignatureError:
                         raise InvalidAccessTokenError("Access token is immature.")
                     except jwt.ExpiredSignatureError:
@@ -114,6 +115,7 @@ def wrapper(*args, **kwargs):
                             f"Unexpected InvalidTokenError: {str(e)}"
                         )
                     issuer = r.get("iss", None)
+                    assert isinstance(issuer, str) or issuer is None
                     flask.request.jwt = Authorization(
                         client_id, provided_scopes, issuer
                     )

diff --git a/uv.lock b/uv.lock