auth: JWKS cache refresh interval is hardcoded at 1 hour #8

Open
opened 2026-05-14 08:44:14 +00:00 by mathias · 0 comments
Owner

The JWKS refresh interval is hardcoded at 1 hour in jwt.go. If Dex rotates signing keys, gitea-mcp will reject valid JWTs issued with the new key for up to 60 minutes.

File: internal/auth/jwt.go:44

Suggestion:

  • Make configurable via JWKS_REFRESH_INTERVAL env var (e.g. 15m, 1h)
  • Default to current 1h to preserve existing behaviour
  • Log the configured value at startup
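One way to implement the suggestion above, as an added example that is not code from gitea-mcp. Only the `JWKS_REFRESH_INTERVAL` name and the 1h default come from the issue; the function names, the one-minute floor and the fall-back-to-default handling of invalid values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"log"
	"os"
	"strings"
	"time"
)

const (
	envJWKSRefresh     = "JWKS_REFRESH_INTERVAL" // name proposed in the issue
	defaultJWKSRefresh = time.Hour               // current hardcoded behaviour
	minJWKSRefresh     = time.Minute             // assumed floor, not from the issue
)

// parseJWKSRefresh converts the raw env value into a refresh interval.
// An empty value means "unset" and yields the default with no error.
// A malformed, negative or too-small value returns the default plus an
// error, so a typo cannot turn into a tight refetch loop against the issuer.
func parseJWKSRefresh(raw string) (time.Duration, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return defaultJWKSRefresh, nil
	}
	d, err := time.ParseDuration(raw)
	if err != nil {
		return defaultJWKSRefresh, fmt.Errorf("%s=%q: %w", envJWKSRefresh, raw, err)
	}
	if d < minJWKSRefresh {
		return defaultJWKSRefresh, fmt.Errorf("%s=%q is below the %s floor",
			envJWKSRefresh, raw, minJWKSRefresh)
	}
	return d, nil
}

// loadJWKSRefresh reads the variable through getenv (injected so it can be
// tested), logs the effective value once at startup and returns it.
func loadJWKSRefresh(getenv func(string) string) time.Duration {
	d, err := parseJWKSRefresh(getenv(envJWKSRefresh))
	if err != nil {
		log.Printf("auth: %v; falling back to %s", err, d)
	}
	log.Printf("auth: JWKS refresh interval is %s", d)
	return d
}

func main() {
	interval := loadJWKSRefresh(os.Getenv)
	_ = interval // would replace the hardcoded constant passed to the JWKS cache
}
```
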

Reference: mathias/gitea-mcp#8