From 52a5ebd7f887f4625d534aea16935419befac16b Mon Sep 17 00:00:00 2001
From: Paolo Di Tommaso <paolo.ditommaso@gmail.com>
Date: Fri, 20 Dec 2024 13:40:17 +0100
Subject: [PATCH] Fix JWT token refresh

Signed-off-by: Paolo Di Tommaso <paolo.ditommaso@gmail.com>
---
 .../groovy/io/seqera/wave/tower/auth/JwtMonitor.groovy     | 7 ++++++-
 .../groovy/io/seqera/wave/tower/client/TowerClient.groovy  | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/groovy/io/seqera/wave/tower/auth/JwtMonitor.groovy b/src/main/groovy/io/seqera/wave/tower/auth/JwtMonitor.groovy
index 5ed82a503..ec4701c69 100644
--- a/src/main/groovy/io/seqera/wave/tower/auth/JwtMonitor.groovy
+++ b/src/main/groovy/io/seqera/wave/tower/auth/JwtMonitor.groovy
@@ -118,7 +118,12 @@ class JwtMonitor implements Runnable {
         }
 
         log.trace "JWT refresh request - entry=$entry; deadline=$deadline"
-        towerClient.userInfo(entry.endpoint, entry)
+        try {
+            // note: use 'force' to ignore client cache and refresh the jwt token 
+            towerClient.userInfo(entry.endpoint, entry, true)
+        } catch (Throwable t) {
+            log.error("Unexpected error in JWT heartbeat while processing entry: ${entry}", t)
+        }
         jwtTimeStore.setRefreshTimer(key)
     }
 
diff --git a/src/main/groovy/io/seqera/wave/tower/client/TowerClient.groovy b/src/main/groovy/io/seqera/wave/tower/client/TowerClient.groovy
index ef616f7ed..90dc0e7da 100644
--- a/src/main/groovy/io/seqera/wave/tower/client/TowerClient.groovy
+++ b/src/main/groovy/io/seqera/wave/tower/client/TowerClient.groovy
@@ -66,8 +66,10 @@ class TowerClient {
         return cache.getOrCompute(cacheKey, (k)-> getAsync(uri, endpoint, auth, type).get())
     }
 
-    UserInfoResponse userInfo(String towerEndpoint, JwtAuth authorization) {
+    UserInfoResponse userInfo(String towerEndpoint, JwtAuth authorization, boolean force=false) {
         final uri = userInfoEndpoint(towerEndpoint)
+        if( force )
+            return getAsync(uri, towerEndpoint, authorization, UserInfoResponse).get()
         final k = RegHelper.sipHash(uri, authorization.key, null, null)
         // NOTE: it assumes the user info metadata does nor change over time
         // and therefore the *long* expiration cached is used