0.0.2 - JWT expiration fix

@GuyKh GuyKh released this 24 Jun 15:59
fix: replace broken JWT-decay check with time-based token refresh

The _ensure_auth_headers() method used is_jwt_expired() to decide when to refresh the auth token. But _auth_token stores the response body '60' (not a JWT), so is_jwt_expired('60') always returned False and refresh_token() was never called. After the X-Access-Token cookie expired (~1 hour), all subsequent API calls failed with empty HTTP 200 responses.

Fix: Track _last_token_refresh timestamp and refresh every 55 minutes (TOKEN_REFRESH_INTERVAL=3300), well under the cookie's 1-hour expiry.

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
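
The failure mode and the fix described in this release note, as an added example that is not the project's own code. The body of is_jwt_expired(), the Session class and simulate() are hypothetical stand-ins written for illustration; only the stored value '60' and TOKEN_REFRESH_INTERVAL=3300 come from the note.

```python
import base64
import json
import time

TOKEN_REFRESH_INTERVAL = 3300  # seconds (55 minutes), value from the release note

def is_jwt_expired(token, now=None):
    """Hypothetical fail-open check: anything unparseable counts as 'not expired'."""
    now = time.time() if now is None else now
    try:
        payload_b64 = token.split(".")[1]
        payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
        exp = json.loads(base64.urlsafe_b64decode(payload_b64))["exp"]
    except (IndexError, KeyError, ValueError, TypeError):
        return False  # '60' lands here, so a refresh is never triggered
    return now >= exp

class Session:
    """Constructed stand-in for the client; refresh_token() only counts calls."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._auth_token = None
        self._last_token_refresh = None
        self.refresh_calls = 0

    def refresh_token(self):
        self.refresh_calls += 1
        self._auth_token = "60"  # response body, not a JWT
        self._last_token_refresh = self._clock()

    def ensure_auth_old(self):
        # Behaviour described as broken: the decision rests on parsing '60'.
        if self._auth_token is None or is_jwt_expired(self._auth_token):
            self.refresh_token()

    def ensure_auth_fixed(self):
        # Time-based: refresh when nothing is recorded or the interval has elapsed.
        last = self._last_token_refresh
        if last is None or self._clock() - last >= TOKEN_REFRESH_INTERVAL:
            self.refresh_token()

def simulate(method_name, call_times):
    """Call the chosen ensure_* method at each fake clock value; return refresh count."""
    now = [0.0]
    s = Session(clock=lambda: now[0])
    for t in call_times:
        now[0] = t
        getattr(s, method_name)()
    return s.refresh_calls
```

With calls at 0, 1800, 3600 and 7200 seconds on the fake clock, the old path refreshes only once at start-up, while the time-based path refreshes again once 3300 seconds have passed since the last refresh.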