feat(auth): extend refresh TTL and keep session on transient errors

Bumps refresh token lifetime to 720h with env overrides, and stops
clearing the local session for non-401 refresh failures so users aren't
logged out by transient network blips. Adds a 60s retry timer when a
refresh fails for non-auth reasons.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-25 18:09:01 +08:00
parent 7e78b031d7
commit d1f2a14477
9 changed files with 115 additions and 12 deletions
+2
View File
@@ -127,6 +127,8 @@ object_storage:
jwt:
secret: "your-local-secret"
access_ttl: 15m
refresh_ttl: 720h
llm:
provider: ark
+1 -1
View File
@@ -137,7 +137,7 @@ cache:
jwt:
secret: "dev-secret-change-in-production"
access_ttl: 15m
refresh_ttl: 168h
refresh_ttl: 720h
log:
level: debug,info,warn,error