From 273ea5df234b7405dfaed9895f9a9cc384c0031d Mon Sep 17 00:00:00 2001
From: andres-portainer <91705312+andres-portainer@users.noreply.github.com>
Date: Mon, 2 Sep 2024 12:06:44 -0300
Subject: [PATCH] fix(jwt): generate JWT IDs BE-11179 (#12176)

---
 api/jwt/jwt.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/api/jwt/jwt.go b/api/jwt/jwt.go
index 741b44374..8f8a9bd0f 100644
--- a/api/jwt/jwt.go
+++ b/api/jwt/jwt.go
@@ -7,9 +7,10 @@ import (

 portainer "github.com/portainer/portainer/api"
 "github.com/portainer/portainer/api/dataservices"
-
- "github.com/golang-jwt/jwt/v4"
 "github.com/portainer/portainer/api/internal/securecookie"
+
+ "github.com/gofrs/uuid"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/rs/zerolog/log"
 )

@@ -174,6 +175,11 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
 expiresAt = time.Now().Add(time.Hour * 8760 * 99).Unix()
 }

+ uuid, err := uuid.NewV4()
+ if err != nil {
+ return "", fmt.Errorf("unable to generate the JWT ID: %w", err)
+ }
+
 cl := claims{
 UserID: int(data.ID),
 Username: data.Username,
@@ -181,6 +187,7 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
 Scope: scope,
 ForceChangePassword: data.ForceChangePassword,
 StandardClaims: jwt.StandardClaims{
+ Id: uuid.String(),
 ExpiresAt: expiresAt,
 IssuedAt: time.Now().Unix(),
 },
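Review bot: The local declared by `uuid, err := uuid.NewV4()` shadows the imported `github.com/gofrs/uuid` package for the rest of generateSignedToken, so a later call into the package from this function would not compile. It also makes `Id: uuid.String(),` in the claims literal of the next hunk read like a package call rather than a method on the value. Renaming the value keeps both lines unambiguous: `tokenID, err := uuid.NewV4()` here and `Id: tokenID.String(),` in the StandardClaims literal. Returning the wrapped error instead of issuing a token without an ID is the right failure mode when the random source fails. The function body starts and ends outside this hunk.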
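Review bot: The added `Id` field in the StandardClaims literal has no comment saying what the identifier is for, and none of the visible hunks reads it back. golang-jwt serialises `StandardClaims.Id` as the `jti` claim, so a one-line comment above the field would record the intent, for example `// Id is the "jti" claim: a fresh random UUIDv4 per token, so no two issued tokens are identical.` If the ID is meant to support revocation or replay detection, the verification path also has to check it against stored state. That code is not part of this diff, so whether it does could not be confirmed here. The claims literal continues past the end of the hunk.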