Skip to content

Configure JWT tokens to expire after 30 seconds #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
devin-ai-integration wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Configure JWT tokens to expire after 30 seconds #15

devin-ai-integration wants to merge 1 commit into from

Conversation

@devin-ai-integration
Copy link

@devin-ai-integration devin-ai-integration bot commented Oct 14, 2025

Configure JWT tokens to expire after 30 seconds

Summary

Modified the JWT token expiration configuration from 24 hours to 30 seconds in src/backend/config.py. This changes the JWT_ACCESS_TOKEN_EXPIRES setting to use timedelta(seconds=30) instead of timedelta(hours=24).

All existing backend unit tests pass successfully.

Review & Testing Checklist for Human

  • Verify 30 seconds is the intended expiration time - This is extremely short and will require users to re-authenticate every 30 seconds. Please confirm this is correct and not a typo (e.g., should it be 30 minutes?)
  • Test end-to-end authentication flow - Login to the application, wait 30+ seconds, then attempt an authenticated action. Verify the token expires and the frontend correctly redirects to the login page
  • Verify frontend 401 handling - Confirm the axios interceptor in src/frontend/src/utils/api.js properly clears localStorage and redirects when receiving a 401 response
  • Consider production implications - If this is intended for production use, evaluate the user experience impact of requiring re-authentication every 30 seconds

Notes

  • Backend unit tests (7 JWT-related tests) all pass
  • The frontend already has error handling for 401 responses (lines 29-33 in src/frontend/src/utils/api.js)
  • This change affects all users of the application

Link to Devin run: https://app.devin.ai/sessions/099feb22514f472aa31b01fb2bf7a877
Requested by: jia.wu@codeium.com (@JRWu)

@devin-ai-integration @JRWu
Configure JWT tokens to expire after 30 seconds
27e8c12 
- Changed JWT_ACCESS_TOKEN_EXPIRES from timedelta(hours=24) to timedelta(seconds=30)
- Updated configuration in src/backend/config.py
- All existing backend tests pass successfully

Co-Authored-By: jia.wu@codeium.com <jia_wu@hotmail.ca>
@devin-ai-integration
Copy link
Author

devin-ai-integration bot commented Oct 14, 2025

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 14, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant