Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: JWT token refresh #5200

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat: JWT token refresh #5200

wants to merge 5 commits into from
+207 −68

Conversation

tiagoapolo
Copy link
Contributor

@tiagoapolo tiagoapolo commented Mar 7, 2025
edited
Loading

Thanks for submitting a PR! Please check the boxes below:

  • I have added information to docs/ if required so people know about the feature!
  • I have filled in the "Changes" section below?
  • I have filled in the "How did you test this code" section below?
  • I have used a Conventional Commit title for this Pull Request

Changes

Ref: #4688

This pull request replaces Sliding Tokens with Access and Refresh Tokens.

  • Exposes /auth/token/refresh/ for refreshing access tokens using a valid refresh token.
  • Updated authorise_response to set cookies for both AccessToken and RefreshToken
  • Introduced JWTCookieTokenRefreshView for handling token refresh and updated logout view to handle RefreshToken blacklisting.
  • Implemented response interceptors in api calls to handle automatic token refresh on 401 responses.

How did you test this code?

Test Settings:

  • cookie_auth_enabled=True
  • cors_origin_allow_all=True
  • frontend => Project.cookieAuthEnabled: true in project_local.js

Regression tests:

  • Authentication
  • Refresh token strategy forcing an expired access token
  • Forced logout removing both access and refresh tokens
  • Regular logout

Test run in usage page with hard refresh

Only additional calls are /refresh calls, proving that there were no impacts in the existing api calls

  • Current
    Screenshot 2025-03-12 at 17 07 57

  • Using refresh token flow
    Screenshot 2025-03-12 at 16 59 05

Please describe.

@vercel Vercel
Copy link

vercel bot commented Mar 7, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Skipped Deployments
Name Status Preview Comments Updated (UTC)
docs ⬜️ Ignored (Inspect) Visit Preview Mar 12, 2025 8:23pm
flagsmith-frontend-preview ⬜️ Ignored (Inspect) Visit Preview Mar 12, 2025 8:23pm
flagsmith-frontend-staging ⬜️ Ignored (Inspect) Visit Preview Mar 12, 2025 8:23pm

@github-actions github-actions bot added front-end Issue related to the React Front End Dashboard api Issue related to the REST API feature New feature or request labels Mar 7, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 7, 2025
edited
Loading

Uffizzi Ephemeral Environment deployment-61661

☁️ https://app.uffizzi.com/github.com/Flagsmith/flagsmith/pull/5200

📄 View Application Logs etc.

What is Uffizzi? Learn more!

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 7, 2025
edited
Loading

Uffizzi Ephemeral Environment Deploying

☁️ https://app.uffizzi.com/github.com/Flagsmith/flagsmith/pull/5200

⚙️ Updating now by workflow run 13820830076.

What is Uffizzi? Learn more!

@tiagoapolo tiagoapolo force-pushed the feat/5195--JWT-token-refresh branch from 0628079 to 23f5241 Compare March 7, 2025 19:43
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 7, 2025
@tiagoapolo tiagoapolo force-pushed the feat/5195--JWT-token-refresh branch from a1b2ac3 to 5ec4333 Compare March 10, 2025 13:57
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 10, 2025
@tiagoapolo tiagoapolo self-assigned this Mar 10, 2025
@tiagoapolo tiagoapolo force-pushed the feat/5195--JWT-token-refresh branch from cc94c31 to 140d07b Compare March 10, 2025 14:08
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 10, 2025
@tiagoapolo tiagoapolo force-pushed the feat/5195--JWT-token-refresh branch from c6f0403 to 0cf3e1d Compare March 10, 2025 14:12
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 10, 2025
@tiagoapolo tiagoapolo force-pushed the feat/5195--JWT-token-refresh branch from 1709d07 to 5b90674 Compare March 12, 2025 20:06
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 12, 2025
@tiagoapolo tiagoapolo force-pushed the feat/5195--JWT-token-refresh branch from 4738f53 to db94934 Compare March 12, 2025 20:17
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 12, 2025
@tiagoapolo tiagoapolo force-pushed the feat/5195--JWT-token-refresh branch from 6f448fc to 2c740c4 Compare March 12, 2025 20:21
@github-actions github-actions bot added feature New feature or request and removed feature New feature or request labels Mar 12, 2025
@tiagoapolo tiagoapolo marked this pull request as ready for review March 12, 2025 20:21
@tiagoapolo tiagoapolo requested review from a team as code owners March 12, 2025 20:21
@tiagoapolo tiagoapolo requested review from kyle-ssg and matthewelwell and removed request for a team March 12, 2025 20:21
@github-actions github-actions bot removed the feature New feature or request label Mar 12, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 12, 2025
edited
Loading

Docker builds report

Image Build Status Security report
ghcr.io/flagsmith/flagsmith-api-test:pr-5200 Finished ✅ Skipped
ghcr.io/flagsmith/flagsmith-e2e:pr-5200 Finished ✅ Skipped
ghcr.io/flagsmith/flagsmith-api:pr-5200 Finished ✅ Results
ghcr.io/flagsmith/flagsmith-private-cloud:pr-5200 Finished ✅ Results
ghcr.io/flagsmith/flagsmith:pr-5200 Finished ✅ Results
ghcr.io/flagsmith/flagsmith-frontend:pr-5200 Finished ✅ Results

@github-actions github-actions bot added the feature New feature or request label Mar 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kyle-ssg kyle-ssg Awaiting requested review from kyle-ssg kyle-ssg is a code owner automatically assigned from Flagsmith/flagsmith-front-end

@matthewelwell matthewelwell Awaiting requested review from matthewelwell matthewelwell is a code owner automatically assigned from Flagsmith/flagsmith-back-end

At least 1 approving review is required to merge this pull request.

Assignees

@tiagoapolo tiagoapolo

Labels
api Issue related to the REST API feature New feature or request front-end Issue related to the React Front End Dashboard
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tiagoapolo