Extend JWT token expiration times

Access tokens now last 1 hour (up from default 15 min) and refresh tokens last 30 days, reducing frequent re-authentication. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-05 10:10:47 -04:00
3 changed files with 7 additions and 7 deletions
--- a/5
+++ b/5
@@ -1,11 +1,8 @@
-.PHONY: deploy redeploy build up down restart logs migrate migrate-new frontend test
+.PHONY: deploy build up down restart logs migrate migrate-new frontend test

 # Build and deploy
 deploy: build up

-redeploy:
-	git pull && $(MAKE) down && $(MAKE) up
-
 build:
 	docker compose build raggr

--- a/app.py
+++ b/app.py
@@ -1,5 +1,6 @@
 import logging
 import os
+from datetime import timedelta

 from dotenv import load_dotenv
 from quart import Quart, jsonify, render_template, request, send_from_directory
@@ -38,6 +39,8 @@ app = Quart(
 )

 app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY", "SECRET_KEY")
+app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=1)
+app.config["JWT_REFRESH_TOKEN_EXPIRES"] = timedelta(days=30)
 app.config["MAX_CONTENT_LENGTH"] = 10 * 1024 * 1024  # 10 MB upload limit
 jwt = JWTManager(app)

--- a/blueprints/users/oidc_service.py
+++ b/blueprints/users/oidc_service.py
@@ -35,7 +35,7 @@ class OIDCUserService:
                claims.get("preferred_username") or claims.get("name") or user.username
            )
            # Update LDAP groups from claims
-            user.ldap_groups = claims.get("groups") or []
+            user.ldap_groups = claims.get("groups", [])
            await user.save()
            return user

@@ -48,7 +48,7 @@ class OIDCUserService:
                user.oidc_subject = oidc_subject
                user.auth_provider = "oidc"
                user.password = None  # Clear password
-                user.ldap_groups = claims.get("groups") or []
+                user.ldap_groups = claims.get("groups", [])
                await user.save()
                return user

@@ -61,7 +61,7 @@ class OIDCUserService:
        )

        # Extract LDAP groups from claims
-        groups = claims.get("groups") or []
+        groups = claims.get("groups", [])

        user = await User.create(
            id=uuid4(),