You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In 2.5 years or if we rotate the bearer token signing keys, bearer tokens will become expired and/or invalid, resulting in widespread 401 Unauthorized responses from our containerized services. In the case of expiration, WDK will issue a new guest token which will replace the expired token, but for key rotation it will return 401 (this API can be changed, of course).
In these cases, the client will need to notice a 401 when already submitting an Authorization cookie, and "log the user out", meaning remove the existing Authorization cookie, then resubmit to any WDK endpoint to get a new guest token. If you'd rather a different logic/API, we can discuss. For consistency, maybe WDK should NOT issue a new guest for an expired token and return 401 like everywhere else.
The text was updated successfully, but these errors were encountered:
In 2.5 years or if we rotate the bearer token signing keys, bearer tokens will become expired and/or invalid, resulting in widespread 401 Unauthorized responses from our containerized services. In the case of expiration, WDK will issue a new guest token which will replace the expired token, but for key rotation it will return 401 (this API can be changed, of course).
In these cases, the client will need to notice a 401 when already submitting an Authorization cookie, and "log the user out", meaning remove the existing Authorization cookie, then resubmit to any WDK endpoint to get a new guest token. If you'd rather a different logic/API, we can discuss. For consistency, maybe WDK should NOT issue a new guest for an expired token and return 401 like everywhere else.
The text was updated successfully, but these errors were encountered: