fix(chalice): debug refresh token

api/chalicelib/core/authorizers.py

@@ -28,6 +28,9 @@ def jwt_authorizer(scheme: str, token: str, leeway=0) -> dict | None:
     if scheme.lower() != "bearer":
         return None
     try:
+        logger.warning("Checking JWT token: %s", token)
+        logger.warning("Against: %s", config("JWT_SECRET") if not is_spot_token(token) else config("JWT_SPOT_SECRET"))
+        logger.warning(get_supported_audience())
         payload = jwt.decode(jwt=token,
                              key=config("JWT_SECRET") if not is_spot_token(token) else config("JWT_SPOT_SECRET"),
                              algorithms=config("JWT_ALGORITHM"),

api/chalicelib/core/users.py

@@ -627,9 +627,12 @@ def authenticate(email, password, for_change_password=False) -> dict | bool | No
         response = {
             "jwt": authorizers.generate_jwt(user_id=r['userId'], tenant_id=r['tenantId'], iat=j_r.jwt_iat,
                                             aud=AUDIENCE),
-            "refreshToken": authorizers.generate_jwt_refresh(user_id=r['userId'], tenant_id=r['tenantId'],
+            "refreshToken": authorizers.generate_jwt_refresh(user_id=r['userId'],
-                                                             iat=j_r.jwt_refresh_iat, aud=AUDIENCE,
+                                                             tenant_id=r['tenantId'],
-                                                             jwt_jti=j_r.jwt_refresh_jti),
+                                                             iat=j_r.jwt_refresh_iat,
+                                                             aud=AUDIENCE,
+                                                             jwt_jti=j_r.jwt_refresh_jti,
+                                                             for_spot=False),
             "refreshTokenMaxAge": config("JWT_REFRESH_EXPIRATION", cast=int),
             "email": email,
             "spotJwt": authorizers.generate_jwt(user_id=r['userId'], tenant_id=r['tenantId'],