Skip to content

feat(auth): add JWT sliding token refresh#279

Merged
gary-Shen merged 1 commit into
mainfrom
feat/jwt-sliding-token-refresh
Jun 2, 2026
Merged

feat(auth): add JWT sliding token refresh#279
gary-Shen merged 1 commit into
mainfrom
feat/jwt-sliding-token-refresh

Conversation

@gary-Shen

@gary-Shen gary-Shen commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Member

When an authenticated request arrives with a token whose remaining lifetime is below TOKEN_REFRESH_THRESHOLD_MINUTES (default 15), a freshly issued token is returned via the X-New-Token response header so active users are never logged out mid-session. Fix #278

  • config: add TOKEN_REFRESH_THRESHOLD_MINUTES setting
  • security: add should_refresh_token() helper (decides off the raw exp claim)
  • user dependency: re-issue token via X-New-Token header in get_current_user
  • tests: cover near-expiry refresh and fresh-token no-op

@claude
feat(auth): add JWT sliding token refresh
4ce30bf 
When an authenticated request arrives with a token whose remaining
lifetime is below TOKEN_REFRESH_THRESHOLD_MINUTES (default 15), a freshly
issued token is returned via the X-New-Token response header so active
users are never logged out mid-session.

- config: add TOKEN_REFRESH_THRESHOLD_MINUTES setting
- security: add should_refresh_token() helper (decides off the raw exp claim)
- user dependency: re-issue token via X-New-Token header in get_current_user
- tests: cover near-expiry refresh and fresh-token no-op

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@gary-Shen gary-Shen merged commit 7810827 into main Jun 2, 2026
1 check passed
@gary-Shen gary-Shen deleted the feat/jwt-sliding-token-refresh branch June 2, 2026 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

如何保持后台启动?经常要重新登陆

1 participant

@gary-Shen