Appears that Refresh Token expires?

[virgofx]

Hi team. First off, thanks for the great project.

We generated a token via the API (/security/login) which includes an access + refresh token. We stored the output of these as secure credentials in our CI environment. Things have been working great with this script in CI for the past 2 weeks. Then, all of a sudden we're getting 401 Unauthorized responses for /security/refresh calls.

Nothing has changed in our environment / users-wise.

I'm curious if the refresh tokens only last for 2 weeks now? Is there a way to generate longer lived API tokens somehow?

This issue is likely outside the scope of this project per-say; however, I couldn't find very detailed information on the API access tokens anywhere else and was curious if others had experienced this or had a workaround to generate tokens that could persist in CI at some longer/indefinite period.

/ping @one-data-cookie

/cc @bkimjin

[sweco]

Hey @virgofx, Superset uses flask-jwt-extended for managing access/refresh tokens. You can configure the refresh token expiry using the JWT_REFRESH_TOKEN_EXPIRES environment variable.

Docs: https://flask-jwt-extended.readthedocs.io/en/stable/options.html#jwt-refresh-token-expires

[virgofx]

Thanks so much @sweco ! This documentation helps and is perfect for us to resolve locally. 🎉