How to refresh JWT token without restarting worker (Python SDK 1.12.0)

mlechemia · July 9, 2025, 2:43pm

Hi everyone,

I’m fairly new to Temporal and recently managed to:

Deploy a Temporal Server using mTLS.
Set up SSO between the Web UI and the server via Keycloak.
Configure my Temporal Python worker to authenticate using mTLS and a JWT issued by Keycloak.

Now, I’m trying to figure out how to refresh the JWT token used by the worker without restarting it.

I tried using interceptors, but the documentation on that part is quite sparse and I’m not sure I’m doing it the right way.
Is using an interceptor the recommended approach for this use case, or is there a better pattern I’m missing?

I’m using the official Python SDK, version 1.12.0.

Thanks in advance for your help!

Chad_Retz · July 10, 2025, 8:41pm

We intentionally make api_key and rpc_metadata setters on the client and a client setter on the workers for just this use case. If you just need to update API key (so don’t need to restablish TLS connection), can just my_client.api_key = "new key" and all future calls made by all clients (including internally by the worker) will use that new key. If you need to update mTLS settings, connect a new client with your settings and my_worker.client = my_new_client and all future calls made by the worker will use the new client instead of the current one.

Topic		Replies	Views
Python SDK verison-1.2.0: How to renew the token without stopping the worker Community Support python-sdk	7	809	May 22, 2023
Refreshing authorization token in worker Community Support python-sdk	1	614	March 20, 2023
Refreshing authorization token in worker, something like a token supplier Community Support python-sdk	3	948	April 18, 2022
How often does the Temporal GUI refresh Tokens? Server Deployment	0	22	October 1, 2024
Non-expired JWT rejected as expired by Temporal Frontend Community Support jwt	3	525	June 27, 2024

How to refresh JWT token without restarting worker (Python SDK 1.12.0)

Related topics