
JWT Refresh not working reliably. #306

@adamhf

I'm running LearningHouse in Docker, invoked with the following command:

docker run --name learninghouse --rm -v brains:/learninghouse/brains -p 5000:5000 -e "LEARNINGHOUSE_HOST=0.0.0.0" -e "LEARNINGHOUSE_BASE_URL=http://helios" -e "LEARNINGHOUSE_LOGGING_LEVEL=DEBUG" -e LEARNINGHOUSE_JWT_SECRET="supersecret" -e "LEARNINGHOUSE_JWT_EXPIRE_MINUTES=600" ghcr.io/deroetzi/learninghouse:main

The JWT refresh seems unreliable. Sometimes it will refresh as expected, other times it will fail, as seen in the logs below:

2024-04-27 14:58:42.956 | INFO     | learninghouse.services.auth:create_token:60 - Admin user logged in sucessfully
2024-04-27 14:58:42.957 | INFO     | uvicorn.protocols.http.httptools_impl:send:496 - 10.10.10.199:52153 - "POST /api/auth/token HTTP/1.1" 200
2024-04-27 14:58:42.977 | INFO     | uvicorn.protocols.http.httptools_impl:send:496 - 10.10.10.199:52153 - "GET /api/brains/info HTTP/1.1" 200
2024-04-27 14:58:49.998 | INFO     | learninghouse.services.auth:refresh_token:72 - Admin token refreshed
2024-04-27 14:58:49.999 | INFO     | uvicorn.protocols.http.httptools_impl:send:496 - 10.10.10.199:52165 - "PUT /api/auth/token HTTP/1.1" 200
2024-04-27 14:58:58.358 | ERROR    | learninghouse.services.auth:verify_jwt:269 - No valid refresh token
2024-04-27 14:58:58.358 | WARNING  | learninghouse.api.errors:learninghouse_exception_handler:166 - Could not validate credentials
2024-04-27 14:58:58.359 | INFO     | uvicorn.protocols.http.httptools_impl:send:496 - 10.10.10.199:52172 - "PUT /api/auth/token HTTP/1.1" 401

The scenario above was:

  • Log in as the admin user,
  • wait ~10s
  • Click the refresh token button, the token refresh succeeds
  • wait ~10s
  • Click the button again, the token refresh fails

This scenario is quite contrived; who sits there and refreshes a token? The bug becomes an issue when the refresh fails and you get logged out every 60 seconds.

Labels

bug: Something isn't working
