Merge pull request #753 from MolSSI/next

Improvements to JWT handling
MolSSI · Sep 17, 2023 · 3ec69b1 · 3ec69b1
2 parents ee3504f + 9027466
commit 3ec69b1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/qcfractal/qcfractal/config.py b/qcfractal/qcfractal/config.py
@@ -301,10 +301,10 @@ class WebAPIConfig(ConfigBase):
     secret_key: str = Field(..., description="Secret key for flask api. See documentation")
     jwt_secret_key: str = Field(..., description="Secret key for web tokens. See documentation")
     jwt_access_token_expires: int = Field(
-        60 * 60 * 24 * 7, description="The time (in seconds) an access token is valid for. Default is 1 week"
+        60 * 60, description="The time (in seconds) an access token is valid for. Default is 1 hour"
     )
     jwt_refresh_token_expires: int = Field(
-        60 * 60 * 24 * 30, description="The time (in seconds) a refresh token is valid for. Default is 30 days"
+        60 * 60 * 24, description="The time (in seconds) a refresh token is valid for. Default is 1 day"
     )
 
     extra_flask_options: Optional[Dict[str, Any]] = Field(

diff --git a/qcportal/qcportal/client_base.py b/qcportal/qcportal/client_base.py
@@ -263,7 +263,16 @@ def _refresh_JWT_token(self) -> None:
         )
 
         if ret.status_code == 200:
-            self._req_session.headers.update({"Authorization": f'Bearer {ret.json()["access_token"]}'})
+            ret_json = ret.json()
+            self._req_session.headers.update({"Authorization": f'Bearer {ret_json["access_token"]}'})
+
+            # Store the expiration time of the access and refresh tokens
+            # (these are unix epoch timestamps)
+            decoded_access_token = jwt.decode(
+                ret_json["access_token"], algorithms=["HS256"], options={"verify_signature": False}
+            )
+            self._jwt_access_exp = decoded_access_token["exp"]
+
         else:  # shouldn't happen unless user is blacklisted
             raise ConnectionRefusedError("Unable to refresh JWT authorization token! This is a server issue!!")