From 6a243fa7a4b59819b4c550120d278f7684935867 Mon Sep 17 00:00:00 2001
From: mitchell
Date: Wed, 13 Nov 2024 15:11:45 -0500
Subject: [PATCH 1/2] Add a bit of lag to the JWT renewal time. It was possible to land within the interval between actual expired time and expected expired time.
---
 pkg/platform/authentication/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/platform/authentication/auth.go b/pkg/platform/authentication/auth.go
index 2b0c3a7936..6bd4b9c2cc 100644
--- a/pkg/platform/authentication/auth.go
+++ b/pkg/platform/authentication/auth.go
@@ -317,7 +317,7 @@ func (s *Auth) UpdateSession(accessToken *mono_models.JWT) {
 s.bearerToken = accessToken.Token
 clientAuth := httptransport.BearerToken(s.bearerToken)
 s.clientAuth = &clientAuth
- s.lastRenewal = ptr.To(time.Now())
+ s.lastRenewal = ptr.To(time.Now().Add(-1 * time.Minute)) // the renewal happened up to a few seconds ago, not now
 persist = s
 }
From e862c58b097d0a50b2ed9950492c351378aa7e4f Mon Sep 17 00:00:00 2001
From: mitchell
Date: Thu, 14 Nov 2024 15:28:58 -0500
Subject: [PATCH 2/2] Reduce JWT lifetime instead.
---
 pkg/platform/authentication/auth.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/platform/authentication/auth.go b/pkg/platform/authentication/auth.go
index 6bd4b9c2cc..8e1a1f8db3 100644
--- a/pkg/platform/authentication/auth.go
+++ b/pkg/platform/authentication/auth.go
@@ -37,8 +37,8 @@ type ErrTokenRequired struct{ *locale.LocalizedError }
 var errNotYetGranted = locale.NewInputError("err_auth_device_noauth")
 // jwtLifetime is the lifetime of the JWT. This is defined by the API, but the API doesn't communicate this.
-// We drop a minute from this to avoid race conditions with the API.
-const jwtLifetime = (1 * time.Hour) - (1 * time.Minute)
+// We drop 10 minutes from this to be on the safe side and avoid race conditions with the API.
+const jwtLifetime = (1 * time.Hour) - (10 * time.Minute)
 // Auth is the base structure used to record the authenticated state
 type Auth struct {
@@ -317,7 +317,7 @@ func (s *Auth) UpdateSession(accessToken *mono_models.JWT) {
 s.bearerToken = accessToken.Token
 clientAuth := httptransport.BearerToken(s.bearerToken)
 s.clientAuth = &clientAuth
- s.lastRenewal = ptr.To(time.Now().Add(-1 * time.Minute)) // the renewal happened up to a few seconds ago, not now
+ s.lastRenewal = ptr.To(time.Now())
 persist = s
 }
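Review bot: The 10-minute margin baked into `jwtLifetime` in the first hunk of PATCH 2/2 is still a client-side guess at server-side expiry. If the API shortens the token lifetime, or a renewal response is slow to arrive, a token can be rejected while the client still considers it fresh. If the issued token carries a standard `exp` claim (not visible in this diff), deriving the renewal deadline from it in `UpdateSession` would track what the API actually issued instead of a hard-coded hour. Separately, the margin reads better as its own named constant with a comment stating the cause, e.g. `// lastRenewal is stamped when the response is processed, which is later than the moment the API issued the token`, because the second hunk removes the only line that explained this. Renewing once and retrying when an authenticated call is rejected for an expired token would cover whatever the margin misses.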