From 61526c027d2ee0c9e323aa64c76a49087eeb7412 Mon Sep 17 00:00:00 2001
From: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com>
Date: Wed, 18 Jun 2025 09:37:49 +0800
Subject: [PATCH] [Bug] fix misusing ACCESS_TOKEN_EXPIRE_MINUTES in jwt on exp
 (#21030)

Co-authored-by: tech <cto@sb>
---
 api/controllers/web/passport.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index 9d229185f..10c3cdcf0 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -163,7 +163,7 @@ def exchange_token_for_existing_web_user(app_code: str, enterprise_user_decoded:
         )
         db.session.add(end_user)
         db.session.commit()
-    exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)
+    exp_dt = datetime.now(UTC) + timedelta(minutes=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES)
     exp = int(exp_dt.timestamp())
     payload = {
         "iss": site.id,