Skip to content

fix: correct token TTL from 30 days to documented 24 hours #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
JanTvrdik wants to merge 1 commit into from
Closed

fix: correct token TTL from 30 days to documented 24 hours #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions crates/okena-core/src/client/types.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,8 @@ pub enum ConnectionEvent {
},
}

/// Token age threshold for refresh (14 days).
pub const TOKEN_REFRESH_AGE_SECS: i64 = 14 * 24 * 3600;
/// Token age threshold for refresh (20 hours — must be shorter than the 24h server TTL).
pub const TOKEN_REFRESH_AGE_SECS: i64 = 20 * 3600;
Comment on lines +88 to +89
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TOKEN_REFRESH_AGE_SECS is now hard-coded relative to the server TTL (“must be shorter than the 24h server TTL”), but the client already receives expires_in from /v1/pair and /v1/refresh (currently ignored). Consider basing refresh scheduling on the server-provided expires_in (minus a safety margin) to avoid future drift between client and server TTLs.

Suggested change
/// Token age threshold for refresh (20 hours — must be shorter than the 24h server TTL).
pub const TOKEN_REFRESH_AGE_SECS: i64 = 20 * 3600;
/// Safety margin (in seconds) before token expiry when a refresh should be attempted.
/// Intended to be used in combination with the server-provided `expires_in` value.
pub const TOKEN_REFRESH_AGE_SECS: i64 = 4 * 3600;

Copilot uses AI. Check for mistakes.
Comment on lines +88 to +89
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description says this change is only a comment update for TOKEN_REFRESH_AGE_SECS, but the diff also changes the constant value from 14 days to 20 hours (behavioral change that affects refresh frequency). Please update the PR description (and any release notes/changelog if applicable) to reflect the runtime behavior change so reviewers/users don’t miss it.

Copilot uses AI. Check for mistakes.

#[cfg(test)]
mod tests {
Expand Down
4 changes: 2 additions & 2 deletions src/remote/auth.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ use std::time::{Duration, Instant, SystemTime};

type HmacSha256 = Hmac<Sha256>;

/// Token time-to-live in seconds (30 days).
pub const TOKEN_TTL_SECS: u64 = 30 * 24 * 3600;
/// Token time-to-live in seconds (24 hours).
pub const TOKEN_TTL_SECS: u64 = 24 * 3600;

/// A stored token record.
#[allow(dead_code)]
Expand Down
Loading