[PR #4371] [CLOSED] JWT Refresh Token #2833

New Issue

Closed

opened 2025-10-09 18:12:21 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2025-10-09 18:12:21 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/4371
Author: @Timshel
Created: 2/21/2024
Status: ❌ Closed

Base: main ← Head: feature/jwt_refresh

---

📝 Commits (2)

• 7523e00 JWT Refresh Token
• 2467e91 Improve error message

📊 Changes

5 files changed (+257 additions, -111 deletions)

View changed files

📝 src/api/identity.rs (+51 -51)
📝 src/api/mod.rs (+1 -1)
📝 src/auth.rs (+198 -1)
📝 src/db/models/device.rs (+3 -58)
📝 src/error.rs (+4 -0)

📄 Description

To facilitate review decided to move out the switch to a JWT refresh_token from the sso PR https://github.com/dani-garcia/vaultwarden/pull/3899.

Without the SSO logic it's not the most useful still :

• Add an expiration on the refresh_token (work like an idle timer reset when a new access_token is generated).
• Store the information of the AuthMethod in the token (Password ...).

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/4371 **Author:** [@Timshel](https://github.com/Timshel) **Created:** 2/21/2024 **Status:** ❌ Closed **Base:** `main` ← **Head:** `feature/jwt_refresh` --- ### 📝 Commits (2) - [`7523e00`](https://github.com/dani-garcia/vaultwarden/commit/7523e00fbc0defd3bddbb7b7546387c640eaddba) JWT Refresh Token - [`2467e91`](https://github.com/dani-garcia/vaultwarden/commit/2467e9178a403a5b06cea4d80024578b735401cd) Improve error message ### 📊 Changes **5 files changed** (+257 additions, -111 deletions) <details> <summary>View changed files</summary> 📝 `src/api/identity.rs` (+51 -51) 📝 `src/api/mod.rs` (+1 -1) 📝 `src/auth.rs` (+198 -1) 📝 `src/db/models/device.rs` (+3 -58) 📝 `src/error.rs` (+4 -0) </details> ### 📄 Description To facilitate review decided to move out the switch to a JWT refresh_token from the sso PR https://github.com/dani-garcia/vaultwarden/pull/3899. Without the SSO logic it's not the most useful still : - Add an expiration on the `refresh_token` (work like an idle timer reset when a new access_token is generated). - Store the information of the `AuthMethod` in the token (`Password` ...). --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2025-10-09 18:12:22 +03:00

OVERLORD closed this issue 2025-10-09 18:12:23 +03:00

OVERLORD referenced this issue 2025-10-09 18:18:17 +03:00

[PR #2834] [MERGED] Fix master password hint update not working. #3166

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#2833