Skip to content

Commit

Permalink
flowctl: Fix auth login not properly exchanging access token for re…
Browse files Browse the repository at this point in the history
…fresh token
  • Loading branch information
jshearer committed Oct 16, 2024
1 parent 8a24ab8 commit 69765a6
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 10 deletions.
2 changes: 1 addition & 1 deletion crates/flow-client/src/client.rs
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@ pub async fn refresh_authorizations(
(Some(access), None) => {
// We have an access token but no refresh token. Create one.
let refresh_token = api_exec::<RefreshToken>(
client.rpc(
client.clone().with_creds(Some(access.to_owned())).rpc(
"create_refresh_token",
serde_json::json!({"multi_use": true, "valid_for": "90d", "detail": "Created by flowctl"})
.to_string(),
Expand Down
16 changes: 15 additions & 1 deletion crates/flowctl/src/auth/mod.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
mod roles;

use anyhow::Context;
use flow_client::client::refresh_authorizations;

#[derive(Debug, clap::Args)]
#[clap(rename_all = "kebab-case")]
Expand Down Expand Up @@ -64,7 +65,20 @@ impl Auth {
Ok(())
}
Command::Roles(roles) => roles.run(ctx).await,
}
}?;

// Ensure that any changes to the credentials fully propagate
// i.e if an access token is changed, we also need to make sure
// to generate and store an updated refresh token.
let (access_token, refresh_token) = refresh_authorizations(
&ctx.client,
ctx.config.user_access_token.to_owned(),
ctx.config.user_refresh_token.to_owned(),
)
.await?;
ctx.config.user_access_token = Some(access_token);
ctx.config.user_refresh_token = Some(refresh_token);
Ok(())
}
}

Expand Down
20 changes: 12 additions & 8 deletions crates/flowctl/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -136,21 +136,25 @@ impl Cli {

let anon_client: flow_client::Client = config.build_anon_client();

let client = if let Ok((access, refresh)) = refresh_authorizations(
let client = match refresh_authorizations(
&anon_client,
config.user_access_token.to_owned(),
config.user_refresh_token.to_owned(),
)
.await
{
// Make sure to store refreshed tokens back in Config so they get written back to disk
config.user_access_token = Some(access.to_owned());
config.user_refresh_token = Some(refresh.to_owned());
Ok((access, refresh)) => {
// Make sure to store refreshed tokens back in Config so they get written back to disk
config.user_access_token = Some(access.to_owned());
config.user_refresh_token = Some(refresh.to_owned());

anon_client.with_creds(Some(access))
} else {
tracing::warn!("You are not authenticated. Run `auth login` to login to Flow.");
anon_client
anon_client.with_creds(Some(access))
}
Err(err) => {
tracing::debug!(?err, "Error refreshing credentials");
tracing::warn!("You are not authenticated. Run `auth login` to login to Flow.");
anon_client
}
};

let mut context = CliContext {
Expand Down

0 comments on commit 69765a6

Please sign in to comment.