nat.runtime.connection_auth

Helpers for extracting auth headers, cookies, and resolving user_id from HTTP/WebSocket connections.

Functions

get_auth_and_cookies_from_connection(...)

Extract Authorization header value and cookies dict from Request or WebSocket.

decode_jwt_payload_unverified(→ dict[str, Any] | None)

Decode JWT payload without verification (PyJWT).

resolve_user_id(→ str | None)

Resolve user_id: 1) nat-session cookie (preserves existing behavior), 2) from JWT in Authorization header (name/email/sub) when cookie is not set.

Module Contents

get_auth_and_cookies_from_connection(connection: starlette.requests.HTTPConnection) → tuple[str | None, dict[str, str]]

Extract Authorization header value and cookies dict from Request or WebSocket.

Returns:

(auth_header_value, cookies_dict). auth_header_value is the raw header (e.g. “Bearer <token>”). cookies_dict has cookie names as keys.

decode_jwt_payload_unverified(token: str) → dict[str, Any] | None

Decode the JWT payload without verification (PyJWT). Used only to extract user identity claims (name, email, sub) for routing; because nothing is verified, the returned claims are not authenticated.

resolve_user_id(auth_header_value: str | None, cookies: dict[str, str]) → str | None

Resolve user_id: 1) nat-session cookie (preserves existing behavior), 2) from JWT in Authorization header (name/email/sub) when cookie is not set.
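
The resolution order described above, as an added sketch that is not the module's own code: it decodes the payload with the standard library rather than PyJWT, and the function names, the Bearer-prefix handling and the name, email, sub precedence are assumptions. The constructed sample token carries a junk signature and still yields an ID, which is why the result is a routing key and not proof of identity.

```python
from __future__ import annotations
import base64
import json
from typing import Any

SESSION_COOKIE = "nat-session"  # cookie name taken from the page
CLAIM_ORDER = ("name", "email", "sub")  # assumption: precedence among the listed claims


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sketch_decode_payload(token: str) -> dict[str, Any] | None:
    """Return the payload claims WITHOUT checking signature, expiry or issuer."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return payload if isinstance(payload, dict) else None


def sketch_resolve_user_id(auth_header_value: str | None, cookies: dict[str, str]) -> str | None:
    """Session cookie first, then unverified JWT claims when the cookie is not set."""
    if cookies.get(SESSION_COOKIE):
        return cookies[SESSION_COOKIE]
    scheme, _, token = (auth_header_value or "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    claims = sketch_decode_payload(token.strip()) or {}
    for claim in CLAIM_ORDER:
        value = claims.get(claim)
        if isinstance(value, str) and value:
            return value
    return None


def make_sample_token(claims: dict[str, Any]) -> str:
    """Constructed sample input: JWT-shaped string whose signature segment is junk."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64url(b'not-a-real-signature')}"


SAMPLE = make_sample_token({"sub": "u-123", "email": "alice@example.test"})
```

Any authorization decision needs a separately verified token (signature, issuer, audience, expiry) and should not reuse the value returned here.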