server/AyaNova/Controllers/AuthController.cs

@@ -676,7 +676,7 @@ namespace AyaNova.Api.Controllers
                             { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
                             { "iss", "ayanova.com" },
                             { "id", "1"},
-                            { "int","1" }
+                            { "j","1" }
                         };
             return Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
         }

server/AyaNova/Startup.cs

@@ -257,7 +257,7 @@ namespace AyaNova
             //so in that case users need to specify an AyaNova_JWT_SECRET environment variable
             if (string.IsNullOrWhiteSpace(secretKey))
             {
-                 _newLog.LogWarning("AYANOVA_JWT_SECRET configuration setting is missing; AyaNova will randomly generate one. Any Users who were logged in when the server restarted will need to login to get a fresh auth token. See manual 'AYANOVA_JWT_SECRET' page for details.");
+                _newLog.LogWarning("AYANOVA_JWT_SECRET configuration setting is missing; AyaNova will randomly generate one. Any Users who were logged in when the server restarted will need to login to get a fresh auth token. See manual 'AYANOVA_JWT_SECRET' page for details.");
                 secretKey = Util.Hasher.GenerateSalt();
             }
             //WAS "UNLICENSED5G*QQJ8#bQ7$Xr_@sXfHq4"
@@ -469,7 +469,7 @@ namespace AyaNova
                     context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
                     context.Request.HttpContext.Items["AY_USER_TYPE"] = u.UserType;
 
-                    var currentAuthToken=u.currentAuthToken;
+                    var currentAuthToken = u.currentAuthToken;
 
                     //turned out didn't need this for v8 migrate so far, but keeping in case it turns out to be handy down the road
                     // //Is import mode header set?
@@ -484,6 +484,21 @@ namespace AyaNova
                         u.currentAuthToken != JWT
                     )//except "/api/v8/auth" and prelogin notify/hello routes so user can login
                     {
+
+                        //It may be a local report render request from a job
+                        if (context.Request.Host.Host == "127.0.0.1")
+                        {
+                            //check if token has j value set
+                            if (context.Request.IsLocal())
+                            {
+                                if (context.User.Claims.FirstOrDefault(c => c.Type == "j") != null)
+                                {
+                                    //it's a local request, the jwt already passed earlier so we issued it and it has the correct claim set so allow it
+                                    await next.Invoke();
+                                }
+                            }
+                        }
+
                         context.Response.StatusCode = 401;
                         context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2004 - Authorization token replaced by more recent login");
                         await context.Response.WriteAsync("E2004 - Authorization token replaced by more recent login");
@@ -610,7 +625,7 @@ namespace AyaNova
                 AyaNova.Core.License.FetchKeyAsync(apiServerState, dbContext, _newLog, true, true).Wait();
                 var seed = new Util.Seeder();
                 seed.SeedDatabaseAsync(Seeder.Level.StringToSeedLevel(ServerBootConfig.AYANOVA_SERVER_TEST_MODE_SEEDLEVEL), ServerBootConfig.AYANOVA_SERVER_TEST_MODE_TZ_OFFSET).Wait();
-               // _newLog.LogInformation("Seeding completed");
+                // _newLog.LogInformation("Seeding completed");
             }
 #endif