From 9ec0ea08bb8b108fbd4a95323e976471e361fd89 Mon Sep 17 00:00:00 2001
From: "Thibault \"bui\" Koechlin" <thibault@crowdsec.net>
Date: Thu, 14 Jan 2021 16:04:10 +0100
Subject: [PATCH] fix jwt token desynchronization between crowdsec and lapi
 (#572)

---
 pkg/apiclient/auth.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/apiclient/auth.go b/pkg/apiclient/auth.go
index 1313e05cc..8c43ea39b 100644
--- a/pkg/apiclient/auth.go
+++ b/pkg/apiclient/auth.go
@@ -189,10 +189,10 @@ func (t *JWTTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	resp, err := t.transport().RoundTrip(req)
 	if log.GetLevel() >= log.TraceLevel {
 		dump, _ := httputil.DumpResponse(resp, true)
-		log.Tracef("resp-jwt: %s", string(dump))
+		log.Tracef("resp-jwt: %s (err:%s)", string(dump), err)
 	}
-	if err != nil {
-		/*we had an error, reset the token ?*/
+	if err != nil || resp.StatusCode == 401 {
+		/*we had an error (network error for example, or 401 because token is refused), reset the token ?*/
 		t.token = ""
 		return resp, errors.Wrapf(err, "performing jwt auth")
 	}