Introduce a token-manager class for token handling #89
Conversation
token-manager class will be responsible only for the token handling specifically and change some private fields to protected: tokenInfo, expireTime, refreshTime.
|
|
auth/token-managers/token-manager.ts
Outdated
| * A class for shared functionality for parsing, storing, and requesting | ||
| * JWT tokens. Intended to be used as a parent to be extended for token | ||
| * request management. Child classes should implement `requestToken()` | ||
| * to retrieve the bearer token from intended sources. |
There was a problem hiding this comment.
This comment needs work. First, it should not refer to "JWT tokens" since this class is about generic "tokens". Also, I think child classes also need to implement saveTokenInfo.
auth/token-managers/token-manager.ts
Outdated
| import { RequestWrapper } from '../../lib/request-wrapper'; | ||
| import {getCurrentTime} from "../utils"; | ||
|
|
||
| /** Configuration options for JWT token retrieval. */ |
There was a problem hiding this comment.
| /** Configuration options for JWT token retrieval. */ | |
| /** Configuration options for token retrieval. */ |
auth/token-managers/token-manager.ts
Outdated
| * @returns {Promise} | ||
| */ | ||
| protected requestToken(): Promise<any> { | ||
| const errMsg = '`requestToken` MUST be overridden by a subclass of JwtTokenManagerV1.'; |
There was a problem hiding this comment.
| const errMsg = '`requestToken` MUST be overridden by a subclass of JwtTokenManagerV1.'; | |
| const errMsg = '`requestToken` MUST be overridden by a subclass of TokenManagerV1.'; |
auth/token-managers/token-manager.ts
Outdated
| protected disableSslVerification: boolean; | ||
| protected headers: OutgoingHttpHeaders; | ||
| protected requestWrapperInstance: RequestWrapper; | ||
| protected tokenInfo: any; |
There was a problem hiding this comment.
While we're abstracting, I think we should delegate tokenInfo and tokenName to subclasses of TokenManager, with only accessToken visible at this level.
There was a problem hiding this comment.
Sorry, but I am not catching your point. TokenInfo currently in use to check that a token already is stored in the object. Here is a reference to a line where there properties are used:
https://github.com/vmatyusGitHub/node-sdk-core/blob/2269660441b93d426932ec9b0dfb51ac1dc0159a/auth/token-managers/token-manager.ts#L98
In the constructor TokenInfo is initialised to an empty object and tokenName shall be initialised in a subclass.
Are you suggesting to have only accesToken property with type string, this way I shall remove tokenInfo and tokenName from the object's property list?
There was a problem hiding this comment.
Since tokenInfo is used in the logic contained in this file, I'm fine with it existing here.
There was a problem hiding this comment.
Here was my thinking: This class requires its subclasses to implement saveTokenInfo, which is passed the response of the token request. saveTokenInfo has to set some member variables ... specifically expireTime, refreshTime, and tokenInfo.
But what is tokenInfo? It is just an object that must contain a field named tokenName that contains the access token. From the point of view of a generic TokenManager, these are extraneous details. All it needs is the accessToken. So why not simplify the TokenManager class (i.e. make it more general), and simply use accessToken set by saveTokenInfo, and push the complexity of varying token property names into the subclass, JWTTokenManager.
I can live with the code the way it is, but I think it would be better if tokenInfo and tokenName was pushed down into JWTTokenManager and TokenManager only dealt with accessToken.
There was a problem hiding this comment.
Now, I understand your request. Thank you for the more detailed description. I created a modification that would use accessToken. In this commit the change can be reviewed: 064b92f
There was a problem hiding this comment.
I was just wondering why it is important to use TokenInfo inside JwtTokenManager? Will there be a feature in the future that will be built upon the content of this object?
There was a problem hiding this comment.
Are you referring to the type TokenInfo? I don't know that we have a specific feature in mind for the future so it is not truly important. However, I think it is worth leaving in as at the very least it provides a developer with knowledge of what they can expect the response to look like.
auth/token-managers/token-manager.ts
Outdated
| } | ||
|
|
||
| /** | ||
| * Save the token from the response and the calculated expiration time to the object's state. |
There was a problem hiding this comment.
We should be explicit. This method must set accessToken (see earlier comment), expireTime, and refreshTime based on the tokenResponse.
There was a problem hiding this comment.
Half fixed in e92c3de
Remove all jwt reference from the class and function descriptions. Extend child classes implementation description with `saveTokenInfo` implementation requirement. Add more explicit description to `saveTokenInfo`
| function getCurrentTime(): number { | ||
| return Math.floor(Date.now() / 1000); | ||
| } | ||
| import {TokenManager, TokenManagerOptions} from "./token-manager"; |
There was a problem hiding this comment.
Style suggestion:
| import {TokenManager, TokenManagerOptions} from "./token-manager"; | |
| import { TokenManager, TokenManagerOptions } from "./token-manager"; |
auth/token-managers/token-manager.ts
Outdated
| import { OutgoingHttpHeaders } from 'http'; | ||
| import logger from '../../lib/logger'; | ||
| import { RequestWrapper } from '../../lib/request-wrapper'; | ||
| import {getCurrentTime} from "../utils"; |
There was a problem hiding this comment.
Style suggestion:
| import {getCurrentTime} from "../utils"; | |
| import { getCurrentTime } from "../utils"; |
auth/token-managers/token-manager.ts
Outdated
| protected disableSslVerification: boolean; | ||
| protected headers: OutgoingHttpHeaders; | ||
| protected requestWrapperInstance: RequestWrapper; | ||
| protected tokenInfo: any; |
There was a problem hiding this comment.
Since tokenInfo is used in the logic contained in this file, I'm fine with it existing here.
auth/token-managers/token-manager.ts
Outdated
| protected disableSslVerification: boolean; | ||
| protected headers: OutgoingHttpHeaders; | ||
| protected requestWrapperInstance: RequestWrapper; | ||
| protected tokenInfo: any; |
There was a problem hiding this comment.
Here was my thinking: This class requires its subclasses to implement saveTokenInfo, which is passed the response of the token request. saveTokenInfo has to set some member variables ... specifically expireTime, refreshTime, and tokenInfo.
But what is tokenInfo? It is just an object that must contain a field named tokenName that contains the access token. From the point of view of a generic TokenManager, these are extraneous details. All it needs is the accessToken. So why not simplify the TokenManager class (i.e. make it more general), and simply use accessToken set by saveTokenInfo, and push the complexity of varying token property names into the subclass, JWTTokenManager.
I can live with the code the way it is, but I think it would be better if tokenInfo and tokenName was pushed down into JWTTokenManager and TokenManager only dealt with accessToken.
|
I second @mkistler - I think the suggestion is good but I can live with the current code. @vmatyusGitHub what do you think? |
|
In my custom authentication case also only 1 access token is in use, so I also think it is a valid request. I am open to implement it. |
Store token in accessToken and move varying token property names into subclass JWT. Update tests to use accessToken field.
|
Can I ask to merge this PR? |
# [2.4.0](v2.3.2...v2.4.0) (2020-05-05) ### Features * **token-manager:** Introduce a token-manager class for token handling ([#89](#89)) ([23c5f3f](23c5f3f))
|
🎉 This PR is included in version 2.4.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.16 to 14.14.19. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The new
TokenManagerclass will be responsible only for the token handling specifically.Changed some private fields to protected:
tokenInfo,expireTime,refreshTime.Placed
getCurrentTimeinto the utils module to be globally usable.Checklist
npm testpasses (tip:npm run lint-fixcan correct most style issues)