vrr/SurfSense
2
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-05-05 23:42:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix JWT audience validation when creating refresh token

Browse source
This commit is contained in:
CREDO23 2026-02-05 18:11:33 +02:00
parent 233852b681
commit 287e5afbac
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
surfsense_backend/app/users.py
View file

@ -219,7 +219,7 @@ class CustomBearerTransport(BearerTransport):
# Decode JWT to get user_id for refresh token creation
try:
payload = jwt.decode(token, SECRET, algorithms=["HS256"])
payload = jwt.decode(token, SECRET, algorithms=["HS256"], options={"verify_aud": False})
user_id = uuid.UUID(payload.get("sub"))
refresh_token = await create_refresh_token(user_id)
except Exception as e: