From 6106207039da1d6d14470273bf5522de9c39d1b0 Mon Sep 17 00:00:00 2001
From: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Date: Fri, 10 Oct 2025 00:39:37 -0700
Subject: [PATCH] Fix/token exp when exchange (#26707)

---
 api/controllers/web/passport.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index 5fda1b2d52..35f886cbc8 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -127,6 +127,8 @@ def exchange_token_for_existing_web_user(app_code: str, enterprise_user_decoded:
     end_user_id = enterprise_user_decoded.get("end_user_id")
     session_id = enterprise_user_decoded.get("session_id")
     user_auth_type = enterprise_user_decoded.get("auth_type")
+    exchanged_token_expires_unix = enterprise_user_decoded.get("exp")
+
     if not user_auth_type:
         raise Unauthorized("Missing auth_type in the token.")
 
@@ -170,8 +172,11 @@ def exchange_token_for_existing_web_user(app_code: str, enterprise_user_decoded:
         )
         db.session.add(end_user)
         db.session.commit()
-    exp_dt = datetime.now(UTC) + timedelta(minutes=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES)
-    exp = int(exp_dt.timestamp())
+
+    exp = int((datetime.now(UTC) + timedelta(minutes=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES)).timestamp())
+    if exchanged_token_expires_unix:
+        exp = int(exchanged_token_expires_unix)
+
     payload = {
         "iss": site.id,
         "sub": "Web API Passport",