3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-05 10:58:11 +02:00
Code Issues Projects Releases Packages Wiki Activity

zero/api: reset token and url cache if 401 is received (#5256)

Browse source 
zero/api: reset token cache if 401 is received
This commit is contained in:
Denis Mishin 2024-09-03 15:40:28 -04:00 committed by GitHub
parent a04d1a450c
commit ce12e51cf5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 91 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

7
pkg/zero/cluster/token_fetcher.go
View file

@ -6,6 +6,7 @@ import (
"strconv"
"time"
"github.com/pomerium/pomerium/internal/log"
"github.com/pomerium/pomerium/internal/zero/apierror"
"github.com/pomerium/pomerium/internal/zero/token"
)
@ -20,7 +21,7 @@ func NewTokenFetcher(endpoint string, opts ...ClientOption) (token.Fetcher, erro
return func(ctx context.Context, refreshToken string) (*token.Token, error) {
now := time.Now()
resp, err := apierror.CheckResponse[ExchangeTokenResponse](client.ExchangeClusterIdentityTokenWithResponse(ctx, ExchangeTokenRequest{
resp, err := apierror.CheckResponse(client.ExchangeClusterIdentityTokenWithResponse(ctx, ExchangeTokenRequest{
RefreshToken: refreshToken,
}))
if err != nil {
@ -32,9 +33,11 @@ func NewTokenFetcher(endpoint string, opts ...ClientOption) (token.Fetcher, erro
return nil, fmt.Errorf("error parsing expires in: %w", err)
}
expires := now.Add(time.Duration(expiresSeconds) * time.Second)
log.Ctx(ctx).Debug().Time("expires", expires).Msg("fetched new Bearer token")
return &token.Token{
Bearer: resp.IdToken,
Expires: now.Add(time.Duration(expiresSeconds) * time.Second),
Expires: expires,
}, nil
}, nil
}