diff --git a/qcfractal/qcfractal/config.py b/qcfractal/qcfractal/config.py
index 1b067b768..7f98c00c1 100644
--- a/qcfractal/qcfractal/config.py
+++ b/qcfractal/qcfractal/config.py
@@ -301,10 +301,10 @@ class WebAPIConfig(ConfigBase):
 secret_key: str = Field(..., description="Secret key for flask api. See documentation")
 jwt_secret_key: str = Field(..., description="Secret key for web tokens. See documentation")
 jwt_access_token_expires: int = Field(
- 60 * 60 * 24 * 7, description="The time (in seconds) an access token is valid for. Default is 1 week"
+ 60 * 60, description="The time (in seconds) an access token is valid for. Default is 1 hour"
 )
 jwt_refresh_token_expires: int = Field(
- 60 * 60 * 24 * 30, description="The time (in seconds) a refresh token is valid for. Default is 30 days"
+ 60 * 60 * 24, description="The time (in seconds) a refresh token is valid for. Default is 1 day"
 )
 extra_flask_options: Optional[Dict[str, Any]] = Field(
diff --git a/qcportal/qcportal/client_base.py b/qcportal/qcportal/client_base.py
index 32d25b487..7c3d06919 100644
--- a/qcportal/qcportal/client_base.py
+++ b/qcportal/qcportal/client_base.py
@@ -263,7 +263,16 @@ def _refresh_JWT_token(self) -> None:
 )
 if ret.status_code == 200:
- self._req_session.headers.update({"Authorization": f'Bearer {ret.json()["access_token"]}'})
+ ret_json = ret.json()
+ self._req_session.headers.update({"Authorization": f'Bearer {ret_json["access_token"]}'})
+
+ # Store the expiration time of the access and refresh tokens
+ # (these are unix epoch timestamps)
+ decoded_access_token = jwt.decode(
+ ret_json["access_token"], algorithms=["HS256"], options={"verify_signature": False}
+ )
+ self._jwt_access_exp = decoded_access_token["exp"]
+
 else: # shouldn't happen unless user is blacklisted
 raise ConnectionRefusedError("Unable to refresh JWT authorization token! This is a server issue!!")
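Review bot: Both lifetimes remain plain `int` fields with no bound, so `jwt_access_token_expires` and `jwt_refresh_token_expires` as written here accept a zero or negative value, or a refresh lifetime shorter than the access lifetime. Adding `gt=0` to each, e.g. `Field(60 * 60, gt=0, description=...)`, would reject the obvious misconfigurations when the config is loaded. The new defaults also take effect silently for any deployment that never set these keys, so a session that used to last a week now depends on the refresh path after an hour and presumably needs a fresh login after a day; that deserves a line in the release notes. The body of `WebAPIConfig` starts and ends outside this hunk.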
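Review bot: The claims returned by `jwt.decode(..., options={"verify_signature": False})` are unauthenticated and the comment above the call does not say so, which makes it easy for later code to treat `self._jwt_access_exp` as more than a scheduling hint. I would reword the comment to `# Unverified decode (the client holds no signing key): exp is only a hint for when to refresh; the server remains the authority on validity`, which also fixes the mention of refresh tokens, since only the access token's expiry is stored here. `algorithms=["HS256"]` looks unused when signature verification is off and could be dropped so the call does not imply a check that is not performed. A token without an `exp` claim raises a bare `KeyError` at `decoded_access_token["exp"]`; `.get("exp")` with an explicit fallback would fail more clearly. `_refresh_JWT_token` starts and ends outside this hunk.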