From b4737fdd77a65eae70dde5f79b1fcbfbcf9feb93 Mon Sep 17 00:00:00 2001 From: Philip Lykke Carlsen Date: Wed, 12 Jun 2024 14:17:40 +0200 Subject: [PATCH] Revise JWK refresh documentation PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10863 GitOrigin-RevId: 3de651232cd5d3b5a5e4c78e90afc2cad063fcbf --- docs/docs/auth/authentication/jwt.mdx | 6 +++--- server/src-lib/Hasura/Server/Auth/JWT.hs | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docs/auth/authentication/jwt.mdx b/docs/docs/auth/authentication/jwt.mdx index cb17a3db620..d40df6f8223 100644 --- a/docs/docs/auth/authentication/jwt.mdx +++ b/docs/docs/auth/authentication/jwt.mdx @@ -228,13 +228,13 @@ The following is the behavior in detail: If it is unable to parse those values, then it will not refresh the JWKs (it assumes that if the above headers are not present, the provider doesn't rotate their JWKs). If the parsed time is less than a second, the JWKs - will be fetched once per second regardless. + will be fetched once per minute regardless. If `must-revalidate` and `max-age` are present, then it will refresh the JWK again after the time period specified in `max-age` has passed. However, if `max-age` is not specified or if `no-cache` or `no-store` are present, then it will refresh the JWKs - once a second. + once every minute. ##### JWK procedure while running @@ -245,7 +245,7 @@ The following is the behavior in detail: as a timestamp. 2. If it is able to parse any of the above successfully, then it will use that parsed time to refetch the JWKs - again. If it is unable to parse any values, then it will sleep for 1 minute and then start another refresh cycle. + again. If it is unable to parse any values, then it will sleep for one minute and then start another refresh cycle. ##### JWK publisher URLs diff --git a/server/src-lib/Hasura/Server/Auth/JWT.hs b/server/src-lib/Hasura/Server/Auth/JWT.hs index bc3bb7dac47..fc26886a915 100644 
--- a/server/src-lib/Hasura/Server/Auth/JWT.hs +++ b/server/src-lib/Hasura/Server/Auth/JWT.hs @@ -371,7 +371,7 @@ fetchAndUpdateJWKs logger httpManager url jwkRef = do Just expiryTime -> liftIO $ writeIORef jwkRef (jwkSet, Just expiryTime) where logNotice = do - let err = JwkRefreshLog LevelInfo (Just "Either the expiry is not present or cannot be parsed (retrying again after 1 second)") Nothing + let err = JwkRefreshLog LevelInfo (Just "Either the expiry is not present or cannot be parsed (retrying again after 60 seconds)") Nothing liftIO $ unLogger logger err -- | Given a JWK url, fetch JWK from it
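Review bot: In the first hunk of docs/docs/auth/authentication/jwt.mdx, the revised sentence "If the parsed time is less than a second, the JWKs will be fetched once per minute regardless" leaves the floor undefined for parsed times between one second and one minute. State the minimum refresh interval explicitly, for example whether any value under 60 seconds is raised to one minute. The unchanged context just above it says that when the headers cannot be parsed "it will not refresh the JWKs", while the running-procedure text says it sleeps for one minute and starts another cycle, and the log message in JWT.hs says it retries; these three statements should be reconciled. Because `no-cache` and `no-store` now map to a one-minute refresh, a sentence noting that the cached key set may lag a provider-side rotation by up to that interval would help operators.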
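Review bot: In the "JWK procedure while running" hunk of jwt.mdx, step 2 says the parsed time is used "to refetch the JWKs again" but does not say whether the lower bound described in the earlier section for very short parsed times also applies while running. Say so explicitly or link back to that paragraph, and drop the redundant "again" after "refetch".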
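Review bot: In `logNotice` in server/src-lib/Hasura/Server/Auth/JWT.hs, the retry interval is hardcoded inside the string literal ("retrying again after 60 seconds") and this hunk changes no delay value, so nothing ties the logged number to the interval the refresh loop actually sleeps for. Build the message from the same constant the loop uses so the log and the documentation cannot drift from the behaviour. Minor: the binding is named `err` although it carries a `LevelInfo` notice, and "retrying again" can be shortened to "retrying".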