Support automatic refreshing for expired OIDC tokens #2111

Closed
eugene-krivobokov opened this issue Apr 4, 2020 · 5 comments
@eugene-krivobokov

Hi!
We use OIDC authentication. Our code is running inside a Gradle plugin.
I've found that the id-token is not refreshing automatically.
To mitigate this I've reused this mechanism from the official Kubernetes client:

```kotlin
import io.fabric8.kubernetes.client.Config
import io.fabric8.kubernetes.client.OAuthTokenProvider
import io.kubernetes.client.util.FilePersister
import io.kubernetes.client.util.KubeConfig
import java.io.File

// Token lookup is delegated to the official client's KubeConfig; the persister
// lets it write an updated token back to the kubeconfig file.
private fun oauthTokenProvider(config: File): OAuthTokenProvider {
    val kubeConfig = KubeConfig.loadKubeConfig(config.inputStream().reader())
    val persister = FilePersister(config)
    kubeConfig.setPersistConfig(persister)

    return OAuthTokenProvider { kubeConfig.accessToken }
}

Config.fromKubeconfig(kubernetesCredentials.context, configContents, "").apply {
    // ...
    requestConfig.oauthTokenProvider = oauthTokenProvider(configFile)
}
```

https://github.com/avito-tech/avito-android/pull/297/files#diff-47071b3c0f7eebf84051f6b86e0558d9R55

Does the library support it?

@eugene-krivobokov eugene-krivobokov changed the title Support automatic refreshing OIDC tokens Support automatic refreshing for expired OIDC tokens Apr 4, 2020
@rohanKanojia
Member

@eugene-krivobokov: Hi, thanks a lot for your bug report. I'm not sure if our library supports this as of now. I think we should try to integrate it as it seems to be a very common use case. @oscerd @manusa @iocanel WDYT??

@stale

stale bot commented Jul 4, 2020

This issue has been automatically marked as stale because it has not had any activity since 90 days. It will be closed if no further activity occurs within 7 days. Thank you for your contributions!

@holdenk

holdenk commented Aug 21, 2020

This is something that's impacting the Spark project.

@rohanKanojia
Member

We will prioritize this in the upcoming sprint.

@holdenk

holdenk commented Aug 21, 2020

Great, thank you :)

@manusa manusa mentioned this issue Aug 25, 2020
@rohanKanojia rohanKanojia self-assigned this Aug 27, 2020
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Aug 28, 2020
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Sep 2, 2020
- Added OIDCTokenRefreshInterceptor which would try to refresh token
  in case 401 is received.
- OpenIDConnectionUtils would refresh token using two HTTP requests
  - first client tries to get OpenID provider discovery document at
    [[.issuer-url]]/.well-known/openid-configuration and gets token_endpoint
  - Then client does a POST request to token_endpoint with all the required
    parameters(refresh_token, client_id, client_secret etc)
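The two-request refresh described in the commit message above, as an added example in Python; it is not the fabric8 client's code or the commit's implementation. It also checks the discovery document's `issuer` and the `token_endpoint` scheme before the refresh token and client secret are posted. The function names and the injectable `send` transport are assumptions made for this example.

```python
import json
import urllib.parse
import urllib.request


def http_send(req):
    """Default transport: perform the request and return the decoded JSON body."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def discover_token_endpoint(issuer_url, send=http_send):
    """Request 1: GET the discovery document and return a vetted token_endpoint."""
    url = issuer_url.rstrip("/") + "/.well-known/openid-configuration"
    doc = send(urllib.request.Request(url))
    # The refresh_token and client_secret are posted to whatever this document
    # names, so it must describe the configured issuer and an https endpoint.
    if doc.get("issuer") != issuer_url:
        raise ValueError("discovery issuer does not match the configured issuer")
    endpoint = doc.get("token_endpoint", "")
    if urllib.parse.urlsplit(endpoint).scheme != "https":
        raise ValueError("token_endpoint must use https")
    return endpoint


def build_refresh_request(token_endpoint, refresh_token, client_id, client_secret):
    """Request 2: form-encoded POST carrying the refresh grant."""
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        token_endpoint, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def refresh_id_token(issuer_url, refresh_token, client_id, client_secret, send=http_send):
    """Run both requests; return (id_token, refresh_token) for the caller to persist."""
    endpoint = discover_token_endpoint(issuer_url, send)
    body = send(build_refresh_request(endpoint, refresh_token, client_id, client_secret))
    if "id_token" not in body:
        raise ValueError("token response has no id_token: %s" % body.get("error"))
    # Providers may rotate the refresh token; keep the old one if none is returned.
    return body["id_token"], body.get("refresh_token", refresh_token)
```

Passing a stub as `send` exercises the flow offline; the default `http_send` performs the real HTTP requests.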