diff --git a/src/auth.rs b/src/auth.rs index eaa8d205..f750ae2f 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1175,7 +1175,7 @@ impl AuthTokens { } // Create refresh_token and access_token with default validity - pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option) -> Self { + pub fn new(device: &Device, user: &User, sub: AuthMethod, client_id: Option, existing_refresh_claims: Option<&RefreshJwtClaims>) -> Self { let time_now = Utc::now(); let access_claims = LoginJwtClaims::default(device, user, &sub, client_id); @@ -1196,10 +1196,8 @@ impl AuthTokens { }; let refresh_claims = if CONFIG.disable_refresh_token_renewal() { - match decode_refresh(&device.refresh_token) { - Ok(original_claims) => original_claims, // reuse the original struct - Err(_) => default_refresh_claims, - } + // Use existing_refresh_claims if passed and config is enabled + existing_refresh_claims.cloned().unwrap_or(default_refresh_claims) } else { default_refresh_claims }; @@ -1241,14 +1239,14 @@ pub async fn refresh_tokens( let auth_tokens = match refresh_claims.sub { AuthMethod::Sso if CONFIG.sso_enabled() && CONFIG.sso_auth_only_not_session() => { - AuthTokens::new(&device, &user, refresh_claims.sub, client_id) + AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims) } AuthMethod::Sso if CONFIG.sso_enabled() => { sso::exchange_refresh_token(&device, &user, client_id, refresh_claims).await? } AuthMethod::Sso => err!("SSO is now disabled, Login again using email and master password"), AuthMethod::Password if CONFIG.sso_enabled() && CONFIG.sso_only() => err!("SSO is now required, Login again"), - AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id), + AuthMethod::Password => AuthTokens::new(&device, &user, refresh_claims.sub, client_id, refresh_claims), _ => err!("Invalid auth method, cannot refresh token"), };