🌱 Add auth token refresh to Binding #592
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was no logic to refresh auth token needed for longer-time tasks (e.g. tests). Adding this method to RichCLient. To be able use Token Refresh method, it was needed keep whole api.Login struct as part of client to have refresh token. Related to konveyor/go-konveyor-tests#71 Signed-off-by: Marek Aufart <[email protected]>
Signed-off-by: Marek Aufart <[email protected]>
aufi
changed the title
|
Lets leverage the existing retry mechanism and refresh the token on demand. In Client.send(), on 401 (not authorized) refresh the token when defined (!= ""). |
Signed-off-by: Marek Aufart <[email protected]>
aufi
force-pushed
the
binding-token-refresh
branch
from
3136f14 to
335fd9b
Compare
Signed-off-by: Marek Aufart <[email protected]>
aufi
force-pushed
the
binding-token-refresh
branch
from
42da159 to
dab0f9e
Compare
jortel
reviewed
Jan 30, 2024
| @@ -83,7 +83,7 @@ type Client struct { | |||
| // baseURL for the nub. | |||
| baseURL string | |||
| // addon API token | |||
| token string | |||
There was a problem hiding this comment.
Why does the client need the Login?
There was a problem hiding this comment.
It needs the Refresh token to perform the auth token refresh API call. api.Login contains all data returned from login (auth token, refresh token, expiration time).
There was a problem hiding this comment.
Calling token refresh with "normal" expired token returns 401, so it is needed to use Refresh token (originally returned by Login call).
Example success with Refresh token
...
# 29
=== RUN TestTaskCRUD/Test_windup_task#29
time=2024-02-06T15:47:17+01:00 level=info msg=[binding] |201| POST /hub/tasks
time=2024-02-06T15:47:17+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:47:17+01:00 level=info msg=[binding] |204| PUT /hub/tasks/1
time=2024-02-06T15:47:17+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:47:17+01:00 level=info msg=[binding] |204| DELETE /hub/tasks/1
time=2024-02-06T15:47:17+01:00 level=info msg=[binding] |404| GET /hub/tasks/1
# 30
=== RUN TestTaskCRUD/Test_windup_task#30
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |401| POST /hub/tasks
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |201| POST /hub/auth/refresh
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |201| POST /hub/tasks
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |204| PUT /hub/tasks/1
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |204| DELETE /hub/tasks/1
time=2024-02-06T15:47:27+01:00 level=info msg=[binding] |404| GET /hub/tasks/1
# 31
=== RUN TestTaskCRUD/Test_windup_task#31
time=2024-02-06T15:47:37+01:00 level=info msg=[binding] |201| POST /hub/tasks
time=2024-02-06T15:47:37+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:47:37+01:00 level=info msg=[binding] |204| PUT /hub/tasks/1
time=2024-02-06T15:47:37+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:47:37+01:00 level=info msg=[binding] |204| DELETE /hub/tasks/1
time=2024-02-06T15:47:37+01:00 level=info msg=[binding] |404| GET /hub/tasks/1
Failure with just "normal" expired token
...
# 29
=== RUN TestTaskCRUD/Test_windup_task#29
time=2024-02-06T15:41:37+01:00 level=info msg=[binding] |201| POST /hub/tasks
time=2024-02-06T15:41:37+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:41:37+01:00 level=info msg=[binding] |204| PUT /hub/tasks/1
time=2024-02-06T15:41:37+01:00 level=info msg=[binding] |200| GET /hub/tasks/1
time=2024-02-06T15:41:37+01:00 level=info msg=[binding] |204| DELETE /hub/tasks/1
time=2024-02-06T15:41:37+01:00 level=info msg=[binding] |404| GET /hub/tasks/1
# 30
=== RUN TestTaskCRUD/Test_windup_task#30
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| POST /hub/tasks
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
api_test.go:20: POST /hub/tasks failed: 401(Unauthorized)
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| GET /hub/tasks/0
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
api_test.go:26: GET /hub/tasks/0 failed: 401(Unauthorized)
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| PUT /hub/tasks/0
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
api_test.go:36: PUT /hub/tasks/0 failed: 401(Unauthorized)
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| GET /hub/tasks/0
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
api_test.go:41: GET /hub/tasks/0 failed: 401(Unauthorized)
api_test.go:44: Different response error. Got , expected Updated Test windup task
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| DELETE /hub/tasks/0
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
api_test.go:50: DELETE /hub/tasks/0 failed: 401(Unauthorized)
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| GET /hub/tasks/0
time=2024-02-06T15:41:47+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
# 31
=== RUN TestTaskCRUD/Test_windup_task#31
time=2024-02-06T15:41:57+01:00 level=info msg=[binding] |401| POST /hub/tasks
time=2024-02-06T15:41:57+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
api_test.go:20: POST /hub/tasks failed: 401(Unauthorized)
time=2024-02-06T15:41:57+01:00 level=info msg=[binding] |401| GET /hub/tasks/0
time=2024-02-06T15:41:57+01:00 level=info msg=[binding] |401| POST /hub/auth/refresh
api_test.go:26: GET /hub/tasks/0 failed: 401(Unauthorized)
...
jortel
reviewed
Jan 30, 2024
jortel
reviewed
Jan 30, 2024
Signed-off-by: Marek Aufart <[email protected]>
aufi
force-pushed
the
binding-token-refresh
branch
from
acf33df to
4860b42
Compare
Signed-off-by: Marek Aufart <[email protected]>
|
@jortel Thanks for your review&inputs. The PR was updated with changes you suggested. One open thing is the storage of the refresh token together with "normal" auth token. I can understand that using api.Login{} directly in client might not look the best, but I think we do need store these data within the client and api.Login struct allows set the login action response directly to the client. But I'm open to creating an own struct within binding client to keep tokens or a separate field for refresh token if needed. |
aufi
added a commit
to aufi/go-konveyor-tests
that referenced
this pull request
Feb 12, 2024
Updating hub dependency to latest version that provides automatic auth token refresh logic added in konveyor/tackle2-hub#592 Fixes: konveyor#71 Signed-off-by: Marek Aufart <[email protected]>
aufi
added a commit
to konveyor/go-konveyor-tests
that referenced
this pull request
Feb 13, 2024
* Update Hub for auth token refresh Updating hub dependency to latest version that provides automatic auth token refresh logic added in konveyor/tackle2-hub#592 Fixes: #71 Signed-off-by: Marek Aufart <[email protected]> * Add missing go.sum entry for urn Signed-off-by: Marek Aufart <[email protected]> --------- Signed-off-by: Marek Aufart <[email protected]>
github-actions bot
pushed a commit
to konveyor/go-konveyor-tests
that referenced
this pull request
Feb 13, 2024
* Update Hub for auth token refresh Updating hub dependency to latest version that provides automatic auth token refresh logic added in konveyor/tackle2-hub#592 Fixes: #71 Signed-off-by: Marek Aufart <[email protected]> * Add missing go.sum entry for urn Signed-off-by: Marek Aufart <[email protected]> --------- Signed-off-by: Marek Aufart <[email protected]> Signed-off-by: Cherry Picker <[email protected]>
aufi
added a commit
to konveyor/go-konveyor-tests
that referenced
this pull request
Feb 14, 2024
* Update Hub for auth token refresh Updating hub dependency to latest version that provides automatic auth token refresh logic added in konveyor/tackle2-hub#592 Fixes: #71 * Add missing go.sum entry for urn --------- Signed-off-by: Marek Aufart <[email protected]> Signed-off-by: Cherry Picker <[email protected]> Co-authored-by: Marek Aufart <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is an issue with long-time running tests e.g. for analysis on Konveyor with enabled Auth feature. Keycloak allows to refresh auth token, however the token for refresh was not stored in
binding.Clientandbinding.RichClient.Loginmethod didn't return the Login struct with Refresh and Expiry fields.Main changes in this PR
For visibility @mguetta1
Fixes konveyor/go-konveyor-tests#71