
Fix SSO token expiration: use JWT lifetime, not API token lifetime #1728

Open
jedisct1 wants to merge 3 commits into main from fdenis/ssofix

@jedisct1
Contributor

Change summary

The expiration status for SSO tokens was based on the short-lived JWT refresh token (~30 min) rather than the actual API token (~12 hours), causing spurious warnings and premature re-authentication prompts.

The fix makes both code paths prefer APITokenExpiresAt (already populated by EnrichWithTokenSelf during login) as the authoritative expiration source for SSO tokens, falling back to the JWT fields only when the API token metadata is unavailable.

All Submissions:

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Changes to Core Features:

  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?

User Impact

Users with SSO tokens will no longer see false "session expires in N minutes" warnings immediately after login, and will no longer be forced to re-authenticate after ~30 minutes when their token is still valid for hours.

Are there any considerations that need to be addressed for release?

None.

jedisct1 requested a review from a team as a code owner on April 20, 2026 15:13
jedisct1 requested a review from kpfleming on April 20, 2026 15:13
Comment thread CHANGELOG.md Outdated
jedisct1 and others added 2 commits April 21, 2026 16:01
The expiration status for SSO tokens was based on the short-lived JWT
refresh token (~30 min) rather than the actual API token (~12 hours),
causing spurious warnings and premature re-authentication prompts.
Co-authored-by: Kevin P. Fleming <kpfleming@users.noreply.github.com>
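
The preference order described in the change summary, as an added Go example that is not the PR's code. Only `APITokenExpiresAt` comes from the description; `Token`, `RefreshExpiresAt`, `warnWindow`, the RFC 3339 timestamp format and the sample times are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Token is a hypothetical stand-in for a stored SSO profile entry.
// Only the APITokenExpiresAt name is taken from the PR description.
type Token struct {
	APITokenExpiresAt string // RFC 3339 (assumed); empty when metadata is unavailable
	RefreshExpiresAt  string // RFC 3339 (assumed); JWT refresh token expiry
}

const warnWindow = 5 * time.Minute // constructed "expires soon" threshold

// EffectiveExpiry prefers the API token expiry and falls back to the JWT
// field only when the API token value is missing or unparseable.
func EffectiveExpiry(t Token) (time.Time, string, error) {
	if exp, err := time.Parse(time.RFC3339, t.APITokenExpiresAt); err == nil {
		return exp, "api-token", nil
	}
	exp, err := time.Parse(time.RFC3339, t.RefreshExpiresAt)
	if err != nil {
		return time.Time{}, "", fmt.Errorf("no usable expiration: %w", err)
	}
	return exp, "jwt", nil
}

// StatusAt classifies the token at time now; an unknown expiry fails closed.
func StatusAt(t Token, now time.Time) string {
	exp, _, err := EffectiveExpiry(t)
	switch {
	case err != nil || !now.Before(exp):
		return "expired"
	case exp.Sub(now) <= warnWindow:
		return "expiring-soon"
	}
	return "valid"
}

func main() {
	login := time.Date(2026, 4, 20, 15, 0, 0, 0, time.UTC) // constructed sample
	t := Token{APITokenExpiresAt: login.Add(12 * time.Hour).Format(time.RFC3339),
		RefreshExpiresAt: login.Add(30 * time.Minute).Format(time.RFC3339)}
	_, src, _ := EffectiveExpiry(t)
	fmt.Println(src, StatusAt(t, login.Add(28*time.Minute)))
}
```
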