fix: agent token refresh returns 404 after server restart
The refresh endpoint required the agent to exist in the in-memory registry. After server restart the registry is empty, so all refresh attempts got 404. The refresh token itself is self-contained with subject, application, and roles — the registry lookup is optional. Now uses application from the JWT, falling back to registry only if the agent happens to be registered.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -173,17 +173,19 @@ public class AgentRegistrationController {
|
||||
return ResponseEntity.status(401).build();
|
||||
}
|
||||
|
||||
// Verify agent exists
|
||||
AgentInfo agent = registryService.findById(agentId);
|
||||
if (agent == null) {
|
||||
return ResponseEntity.notFound().build();
|
||||
}
|
||||
|
||||
// Preserve roles from refresh token
|
||||
// Preserve roles and application from refresh token
|
||||
List<String> roles = result.roles().isEmpty()
|
||||
? List.of("AGENT") : result.roles();
|
||||
String newAccessToken = jwtService.createAccessToken(agentId, agent.applicationId(), roles);
|
||||
String newRefreshToken = jwtService.createRefreshToken(agentId, agent.applicationId(), roles);
|
||||
String application = result.application() != null ? result.application() : "default";
|
||||
|
||||
// Try to get application from registry if available (agent may not be registered after server restart)
|
||||
AgentInfo agent = registryService.findById(agentId);
|
||||
if (agent != null) {
|
||||
application = agent.applicationId();
|
||||
}
|
||||
|
||||
String newAccessToken = jwtService.createAccessToken(agentId, application, roles);
|
||||
String newRefreshToken = jwtService.createRefreshToken(agentId, application, roles);
|
||||
|
||||
auditService.log(agentId, "agent_token_refresh", AuditCategory.AUTH, agentId,
|
||||
null, AuditResult.SUCCESS, httpRequest);
|
||||
|
||||
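Review bot: With the `if (agent == null)` branch after `registryService.findById(agentId)` no longer returning 404, nothing visible in this hunk stops a refresh token for an agent that has been removed or deregistered from being exchanged for a fresh access and refresh pair, so please confirm that the validation ahead of the 401 return covers revocation, or add a check backed by state that survives a restart. Separately, `String application = result.application() != null ? result.application() : "default";` silently issues tokens scoped to "default" when the claim is missing; rejecting the request would be safer than guessing the application. The precedence also differs from the commit message: here the registry value overrides the application from the JWT whenever the agent is registered, rather than serving only as a fallback, so either the order or the comment "Preserve roles and application from refresh token" should change.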