Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
best practices for access and refresh token re-use
See original GitHub issueWhat is considered the best usage of creating a CF client when we have an access and refresh token stored (like the CLI client does)?
Current we use the PasswordGrantTokenProvider to extract the access and refresh token from the login response and store that locally. When we need to connect to CF again (with a new instance of the client) we implemented a class from the TokenProvider interface that has the accessToken, and when this is invalid we renew it in the invalidate() method using a RefreshTokenGrantProvider.
So the question is, what is the best approach to create a TokenProvider with a known access and refresh token?
Our current implementation looks like this
final Properties props = new Properties();
TokenProvider tp = new TokenProvider() {
Mono<String> accessToken = Mono.just(props.getProperty("accessToken"));
@Override
public Mono<String> getToken(ConnectionContext connectionContext) {
return accessToken;
}
@Override
public void invalidate(ConnectionContext connectionContext) {
DefaultConnectionContext newConCtx = DefaultConnectionContext.builder().from(connectionContext).build();
RefreshTokenGrantTokenProvider newToken = RefreshTokenGrantTokenProvider.builder()
.token(props.getProperty("refreshToken"))
.build();
try {
accessToken = newToken.getToken(newConCtx)
.doOnSuccess(s -> System.out.println("Got a new token: " + s));
} catch (Exception e) {
throw new IllegalStateException("Something is wrong renewing our token", e);
}
System.out.println("We'll get you a new token!");
}
};
Please advice
Issue Analytics
- State:
- Created 6 years ago
- Comments:7 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@cwesdorp It’s important to remember that there are only two types that maintain any significant state, the
ConnectionContextand theTokenProvider. In your multi-tenant situation I’d recommend havingConnectionContextused by all requests (if there is a single target host, multiple if there are multiple target hosts)TokenProviders keyed by the user*Clients created on each incoming requestBy far the most expensive (resource-wise) component is the
ConnectionContext. It contains the thread and connection pools and is designed to be used for any and all requests, even with different users. TheTokenProvidersstore valid tokens, resulting in fewer network calls for them and renegotiate when a401is received. Since there is some unnecessary overhead in negotiating a token when you’ve got a valid one it makes sense to cache these. Beyond that, aCloudFoundryClient(and its peers) is totally stateless, simply combining aConnectionContextand aTokenProviderto make a REST call. You can create and destroy these quickly, easily, and regularly with no real penalty.The client is designed so that you can mux
ConnectionContexts andTokenProvidersin any combination and they’ll behave properly. This allows you to cache expensive resources in memory and mix and match them in lightweight clients as needed.@nebhale Thanks for the guide lines. I’ll understand the idea and have a sample application from which I came to that conclusion, good that you confirm this.