Replies: 2 comments 2 replies
-
|
The worker authenticates with the same short‑lived access token that the CLI obtains during For unattended hosts the recommended pattern is to use a service‑account token (or “host token”) instead of a user login. Create a service account in the Omnigent UI/CLI, export its token to the host machine, and start the host with: export OMNIGENT_HOST_TOKEN=<service‑account‑jwt>
omni host --server https://<my-omnigent-server> |
Beta Was this translation helpful? Give feedback.
-
|
You're running into a session token lifecycle issue that's common with OIDC-authenticated worker architectures. Here's what's happening and how to fix it. Root cause: The The worker process doesn't automatically refresh this token after the initial login, so when the access token expires, the worker can no longer authenticate its reconnection attempts. The specific env vars you asked about:
What's likely missing: The worker needs either: (a) automatic token refresh using a refresh token, or (b) a long-lived service token that doesn't expire. Solutions (best first):
For the Omnigent team to consider: A TL;DR: The session TTL settings affect server-side session lifetime, but your worker's access token likely expires sooner. Use a long-lived service/API token for the worker instead of relying on |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I have a question about the expected authentication lifecycle for a long-running Omnigent worker/host.
Setup
I deployed:
The worker is authenticated against the Omnigent platform first, then started as a long-running process.
Rough flow:
After that, everything works correctly. Agents can be spawned and they connect back to the platform as expected.
Problem
The setup keeps working until the spawned agents have been idle for a while. When I come back after a couple of hours, the worker/host no longer seems to be authenticated properly, and I have to run
omnigent loginagain on the worker machine before things work again.I already tried increasing the account/session lifetime, for example:
or the equivalent setting for my auth mode, but the worker still eventually requires re-authentication.
Expected Behavior
For a long-running worker/host process, I expected one of the following:
Actual Behavior
After the agents are idle for a few hours, the worker/host needs manual re-authentication with
omnigent loginbefore it can continue working.Questions
OMNIGENT_ACCOUNTS_SESSION_TTL_HOURS?OMNIGENT_OIDC_SESSION_TTL_HOURS?Environment
I can provide exact values if useful, but the relevant shape is:
0.3.0Thanks! I am trying to understand whether this is a configuration issue on my side, a missing long-running-worker auth flow, or a bug in the reconnect/auth refresh path.
Beta Was this translation helpful? Give feedback.
All reactions