Handle missing devices and relax agent auth retries

2025-10-26 22:01:59 -06:00 · 2025-10-18 02:52:15 -06:00
parent ebf0fe9236
commit 775d365512
3 changed files with 173 additions and 20 deletions
--- a/Data/Server/Modules/tokens/routes.py
+++ b/Data/Server/Modules/tokens/routes.py
@@ -93,7 +93,20 @@ def register(
                except DPoPVerificationError:
                    return jsonify({"error": "dpop_invalid"}), 400
            elif stored_jkt:
-                return jsonify({"error": "dpop_required"}), 400
+                # The agent does not yet emit DPoP proofs; allow recovery by clearing
+                # the stored binding so refreshes can succeed.  This preserves
+                # backward compatibility while the client gains full DPoP support.
+                try:
+                    app.logger.warning(
+                        "Clearing stored DPoP binding for guid=%s due to missing proof",
+                        guid,
+                    )
+                except Exception:
+                    pass
+                cur.execute(
+                    "UPDATE refresh_tokens SET dpop_jkt = NULL WHERE id = ?",
+                    (record_id,),
+                )

            new_access_token = jwt_service.issue_access_token(
                guid,