Token changes when logging out and back in
Describe the bug
When logging out and logging back in to Indiekit, the token changes
To reproduce
Steps to reproduce the behaviour:
- log out
- log back in
Expected behaviour
The token should stay the same
Screenshots or logs
https://user-images.githubusercontent.com/611234/183216230-0ff39e07-d34e-4295-b653-4ff6220ae08c.mp4
Environment
- Indiekit version: v1.0.0-alpha.12 https://github.com/alienlebarge/alb-indiekit
- Server/host: Heroku
- Content store URL: https://github.com/alienlebarge/alienlebargech-v3
- Publication URL: https://alienlebarge.ch
Additional context
- Same initial bug as #450
Temporary fix to make syndication work anyway
- Log in to indiekit.yoursite.com and do not log out
- Copy/paste the token
- Update the outgoing webhook in Netlify with the token
- Trigger a build in Netlify
This is the expected behaviour, at least for now.
When you log in, a new authorisation request is made and a new token generated. If you inspect the generated tokens at https://jwt.io you’ll note that the only values that change are for iat (issued at) and exp (expires), each a Unix epoch value. The built-in token endpoint creates tokens that expire after 90 days.
Any generated token that has not expired is valid, so it shouldn’t matter that the token used in your Netlify ping URL is different to that seen on the status page.
In the future, it might be possible to store the generated token to allow it to persist, but that’s a whole new world of pain, and I’m still getting my head around the auth process as it is!
If nothing’s breaking, then having different tokens floating about isn’t too much of an issue, I don’t think.
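The behaviour described in the reply above, as an added example that is not part of the original thread and is not Indiekit's code: two logins yield different JWT strings because only `iat` and `exp` differ, and a stateless verifier accepts both until each one's `exp` passes. The signing secret, the `me` and `scope` claims, the timestamps and the function names are constructed assumptions.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: server-side signing key
const NINETY_DAYS = 90 * 24 * 60 * 60; // lifetime from the reply above, in seconds

const b64url = (text) => Buffer.from(text).toString("base64url");
// The verifier fixes the algorithm (HMAC-SHA256); it is never read from the token.
const sign = (data) => createHmac("sha256", SECRET).update(data).digest();

// Issue a token for a login at `now` (Unix epoch seconds).
function issueToken(claims, now) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + NINETY_DAYS }));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${sign(signingInput).toString("base64url")}`;
}

// Return the claims when the signature matches and `exp` is in the future, else null.
function verifyToken(token, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = sign(`${header}.${payload}`);
  const given = Buffer.from(signature, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.exp !== "number" || now >= claims.exp) return null;
  return claims;
}

// Two logins one hour apart with identical claims (constructed sample values).
function demo() {
  const claims = { me: "https://example.org/", scope: "create" };
  const firstLogin = 1660000000;
  const secondLogin = firstLogin + 3600;
  const tokenA = issueToken(claims, firstLogin);
  const tokenB = issueToken(claims, secondLogin);
  const [headerA, , signatureA] = tokenA.split(".");
  // Token B's later `exp` paired with token A's signature: must be rejected.
  const forged = `${headerA}.${tokenB.split(".")[1]}.${signatureA}`;
  return { tokenA, tokenB, forged, firstLogin, secondLogin };
}
```

Because nothing is stored server-side, an older token copied into a webhook URL cannot be revoked individually in this model; it stops working only when its `exp` passes or the signing secret changes.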
Thank you for the explanations. I understand better how it works now. I thought there was only one valid token at a time.