From 48b1ab010e45e77bd4a75dd305d1764a7df57657 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20Papp?=
Date: Tue, 19 May 2026 17:35:56 +0200
Subject: [PATCH] make ExtendAuthSession JWT-retry backoff cancellable
Skip the retry log and 200ms wait on the final attempt, and replace the uncancellable time.Sleep with a select on time.After/ctx.Done so an upstream cancellation aborts the wait instead of running it to completion.
---
 management/internals/shared/grpc/server.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/management/internals/shared/grpc/server.go b/management/internals/shared/grpc/server.go
index 85ea8cd44..6ffce109f 100644
--- a/management/internals/shared/grpc/server.go
+++ b/management/internals/shared/grpc/server.go
@@ -845,13 +845,21 @@ func (s *Server) ExtendAuthSession(ctx context.Context, req *proto.EncryptedMess
 }
 var userID string
- for i := 0; i < 3; i++ {
+ const attempts = 3
+ for i := 0; i < attempts; i++ {
 userID, err = s.validateToken(ctx, peerKey.String(), jwt)
 if err == nil {
 break
 }
+ if i == attempts-1 {
+ break
+ }
 log.WithContext(ctx).Warnf("failed validating JWT token while extending session for peer %s: %v. Retrying (idP cache).", peerKey.String(), err)
- time.Sleep(200 * time.Millisecond)
+ select {
+ case <-time.After(200 * time.Millisecond):
+ case <-ctx.Done():
+ return nil, ctx.Err()
+ }
 }
 if err != nil {
 return nil, err
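Review bot: With the new `if i == attempts-1 { break }` guard the last failed `validateToken` call is no longer logged in this loop, and the visible `if err != nil { return nil, err }` after it returns without logging either, so a session extension that fails all three JWT checks leaves no record here. On an authentication path that final failure is the one an operator most needs to see; consider logging it in that branch before the `break`, e.g. `log.WithContext(ctx).Warnf("failed validating JWT token while extending session for peer %s after %d attempts: %v", peerKey.String(), attempts, err)`. The `ctx.Done()` branch likewise returns silently. Whether a caller or interceptor logs the returned error is not visible, since ExtendAuthSession starts and ends outside the hunk.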