chore: use access token expiration for proactive auth refresh#15545
chore: use access token expiration for proactive auth refresh#15545
Conversation
celia-oai
changed the title
celia-oai
changed the title
| if let Some(tokens) = auth_dot_json.tokens.as_ref() | ||
| && let Ok(Some(expires_at)) = parse_jwt_expiration(&tokens.access_token) | ||
| { | ||
| return expires_at <= Utc::now(); |
There was a problem hiding this comment.
do we want a buffer? TOKEN_REFRESH_INTERVAL?
There was a problem hiding this comment.
why do we need a buffer? expired_at is a timestamp? we still have the fallback code path that uses Token_refresh_interval after this in case exp field doesn't exist in token?
There was a problem hiding this comment.
Do we still need that codepath, can "exp" not be there?
There was a problem hiding this comment.
technically, jwt token doesn't necessarily have the 'exp' field. In reality, the auth token returned should always have this field. We can also throw an error here if exp doesn't exist, but I think having this silent fallback is safer
| } | ||
|
|
||
| #[derive(Deserialize)] | ||
| struct StandardJwtClaims { |
There was a problem hiding this comment.
why a separate struct? can we put this onto AuthClaims?
There was a problem hiding this comment.
this function is supposed to be generic so it can parse any jwt, not just id / access tokens I think
2 participants
Follow up to #15357 by making proactive ChatGPT auth refresh depend on the access token's JWT expiration instead of treating
last_refreshage as the primary source of truth.