cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: return rotated refresh token from agent token refresh endpoint
All checks were successful
CI / build (push) Successful in 1m22s
Details
CI / cleanup-branch (push) Has been skipped
Details
CI / docker (push) Successful in 56s
Details
CI / deploy (push) Successful in 47s
Details
CI / deploy-feature (push) Has been skipped
Details

Browse Source 
Previously the refresh endpoint only returned a new accessToken, causing
agents to lose their refreshToken after the first refresh cycle and
forcing a full re-registration every ~2 hours.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-03-18 16:44:16 +01:00
parent 4085f42160
commit 17ef48e392
5 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java
View File

@@ -159,8 +159,9 @@ public class AgentRegistrationController {
List<String> roles = result.roles().isEmpty()
? List.of("AGENT") : result.roles();
String newAccessToken = jwtService.createAccessToken(agentId, agent.group(), roles);
String newRefreshToken = jwtService.createRefreshToken(agentId, agent.group(), roles);
return ResponseEntity.ok(new AgentRefreshResponse(newAccessToken));
return ResponseEntity.ok(new AgentRefreshResponse(newAccessToken, newRefreshToken));
}
@PostMapping("/{id}/heartbeat")

4
cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/AgentRefreshResponse.java
View File

@@ -3,5 +3,5 @@ package com.cameleer3.server.app.dto;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotNull;
@Schema(description = "Refreshed access token")
public record AgentRefreshResponse(@NotNull String accessToken) {}
@Schema(description = "Refreshed access and refresh tokens")
public record AgentRefreshResponse(@NotNull String accessToken, @NotNull String refreshToken) {}

2
cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtRefreshIT.java
View File

@@ -79,6 +79,8 @@ class JwtRefreshIT extends AbstractPostgresIT {
JsonNode body = objectMapper.readTree(response.getBody());
assertThat(body.get("accessToken").asText()).isNotEmpty();
assertThat(body.get("refreshToken").asText()).isNotEmpty();
assertThat(body.get("refreshToken").asText()).isNotEqualTo(refreshToken);
}
@Test

8
ui/src/api/openapi.json
View File

@@ -2913,14 +2913,18 @@
},
"AgentRefreshResponse": {
"type": "object",
"description": "Refreshed access token",
"description": "Refreshed access and refresh tokens",
"properties": {
"accessToken": {
"type": "string"
},
"refreshToken": {
"type": "string"
}
},
"required": [
"accessToken"
"accessToken",
"refreshToken"
]
},
"CommandRequest": {

3
ui/src/api/schema.d.ts vendored
View File

@@ -1069,9 +1069,10 @@ export interface components {
AgentRefreshRequest: {
refreshToken: string;
};
/** @description Refreshed access token */
/** @description Refreshed access and refresh tokens */
AgentRefreshResponse: {
accessToken: string;
refreshToken: string;
};
/** @description Command to send to agent(s) */
CommandRequest: {