[BUG][AUTH]: Token created with no expiration returns 401 #2836
Description
🐞 Bug Summary
Token created with no expiration days - Error 401 when trying to use it
🧩 Affected Component
Select the area of the project impacted:
-
mcpgateway- API -
mcpgateway- UI (admin panel) -
mcpgateway.wrapper- stdio wrapper - Federation or Transports
- CLI, Makefiles, or shell scripts
- Container setup (Docker/Podman/Compose)
- Other (explain below)
🔁 Steps to Reproduce
- Go to http://localhost:4444/admin/#tokens
- Add a token Name
- Delete the default 30 days and leave it empty
- Click Create Token
- Used it in Swagger - example http://localhost:4444/docs#/Email%20Authentication/get_current_user_profile_auth_email_me_get
🤔 Results
Error 401
{
"detail": "Token is missing required expiration claim. Set REQUIRE_TOKEN_EXPIRATION=false to allow."
}
🤔 Expected Behavior
The API call should show the correct data.
📓 Logs / Error Output
Paste any relevant stack traces or logs here.
🧠 Environment Info
You can retrieve most of this from the /version endpoint.
| Key | Value |
|---|---|
| Version or commit | 0.128.5 |
| Runtime | Python 3.11 |
| Platform / OS | Linux 4.18.0-372.64.1.el8_6.x86_64 (x86_64) |
| Container | none |
🧩 Additional Context (optional)
Add any configuration details, flags, or related issues.