Implement session token refresh #71

New issue

Open

opened 2026-03-03 15:18:21 -08:00 by fable · 0 comments

fable commented 2026-03-03 15:18:21 -08:00

Contributor

Copy link

After a successful ATProto OAuth login, we discard the ATProto tokens and rely exclusively on the microclimate JWT for authentication. That JWT expires after 24 hours, so the client needs a way to renew it without repeating the full browser-based OAuth flow.

Add a RefreshSession RPC to AuthService that:

• Accepts the current (possibly-expired) microclimate JWT
• Verifies it was validly issued by this server (signature check, ignoring expiry)
• Looks up the corresponding OAuthSession in the auth store by DID
• Issues a fresh JWT with a new 24-hour expiry

The client should call this proactively before expiry (e.g. on app resume / reconnect).

Related to #9.

After a successful ATProto OAuth login, we discard the ATProto tokens and rely exclusively on the microclimate JWT for authentication. That JWT expires after 24 hours, so the client needs a way to renew it without repeating the full browser-based OAuth flow. Add a `RefreshSession` RPC to `AuthService` that: - Accepts the current (possibly-expired) microclimate JWT - Verifies it was validly issued by this server (signature check, ignoring expiry) - Looks up the corresponding `OAuthSession` in the auth store by DID - Issues a fresh JWT with a new 24-hour expiry The client should call this proactively before expiry (e.g. on app resume / reconnect). Related to #9.

puregarlic added the

enhancement

area

server

labels 2026-03-03 15:25:49 -08:00

puregarlic added this to the Ludwig (MVP) milestone 2026-03-03 15:25:51 -08:00

puregarlic added this to the Feature Development project 2026-03-03 15:28:10 -08:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

issue/9

issue/9-server

issue/42

issue/59-extract-sidebar

issue-38/use-inset-sidebar

issue/3

issue/34

issue/27

issues/10-server-url

issues/3-channel-ui

issue/25

issue/11

7-channel-display-sidebar

7-channel-display-sidebar-two

issue/21

27-frontend-libs

issue/6-channel-status-procedure

issue/17-client-setup

issue/2

No results found.

Labels

Clear labels   

area

client

Concerns the Tauri app

  

area

server

Concerns the server component

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

ui

Involves updating the client UI

  

wontfix

This won't be fixed

No labels

area

client

area

server

bug

duplicate

enhancement

help wanted

invalid

question

ui

wontfix

Milestone

Clear milestone

No items

No milestone

Ludwig (MVP)

Projects

Clear projects

No items

No project

Feature Development

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

puregarlic/microclimate#71

No description provided.