DXCDT-267: Graceful handling of access token regeneration (2/x) #547
@@ -207,18 +207,23 @@ func (c *cli) prepareTenant(ctx context.Context) (Tenant, error) { | |||
return Tenant{}, err | |||
} | |||
|
|||
if t.AccessToken == "" || (scopesChanged(t) && t.authenticatedWithDeviceCodeFlow()) { | |||
return RunLoginAsUser(ctx, c, true) | |||
if scopesChanged(t) && t.authenticatedWithDeviceCodeFlow() { |
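Review bot: with `t.AccessToken == ""` dropped from the condition on the `scopesChanged(t) && t.authenticatedWithDeviceCodeFlow()` line, a tenant entry with an empty access token no longer short-circuits into `RunLoginAsUser` here, and nothing in the visible lines shows the later regeneration step treating an empty token as one that needs renewal. Please confirm that path covers the empty case (a test for a tenant with `AccessToken: ""` and an expiry still in the future would do), so the CLI cannot go on to make API calls with an empty bearer token.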
Removing the empty access token check here enables more specific error messaging and guidance. Further, it didn't make sense to have both cases handled here because we always attempt to regenerate the access token no matter what below.
internal/cli/cli.go
Outdated
if t.authenticatedWithClientCredentials() { | ||
return t, fmt.Errorf("Failed to renew access token. This may occur if the designated application has been deleted or client secret has been rotated. Please re-authenticate by running `auth0 login --as-machine`") | ||
} | ||
|
||
c.renderer.Warnf("Failed to renew access token. Please sign in to re-authenticate the CLI.") | ||
return RunLoginAsUser(ctx, c) | ||
|
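Review bot: the `fmt.Errorf` in the `authenticatedWithClientCredentials()` branch does not carry whatever error the renewal attempt produced, so a deleted application, a rotated client secret and a transient network failure all surface as the same text. If the renewal error is in scope at this point, wrap it with `%w` so that callers and `--debug` output can tell the cases apart. Go error strings are also conventionally lower-case and terse; consider emitting the user guidance through `c.renderer.Warnf`, as the device-code path just below does, and returning a short wrapped error.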
Attempting to provide specific handling and guidance for both types of authentication.
func RunLoginAsUser(ctx context.Context, cli *cli, expired bool) (Tenant, error) { | ||
message := fmt.Sprintf( | ||
"%s\n\n%s\n\n", | ||
"✪ Welcome to the Auth0 CLI 🎊", | ||
"If you don't have an account, please create one here: https://auth0.com/signup.", | ||
) | ||
|
||
if expired { | ||
message = "Please sign in to re-authorize the CLI." | ||
cli.renderer.Warnf(message) | ||
} else { | ||
cli.renderer.Output(message) | ||
} |
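Review bot: once the `expired` branch is gone from `RunLoginAsUser`, the "Please sign in to re-authorize the CLI." warning has to come from each caller, and the scopes-changed call in `prepareTenant` is the one to check, since the visible lines do not show it printing anything before the login flow starts. A one-line `Warnf` there saying that the required scopes changed would tell the user why they are being asked to sign in again. Separately, the parameter `cli *cli` shadows its own type name inside the function; `c`, as `prepareTenant` uses, would be clearer.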
Extracting the error messaging out of the `RunLoginAsUser` is an intentional decision to keep the function focused. Further, each invocation of `RunLoginAsUser` comes with a unique message, that is, there is no duplication of messages with the removal of this code. This allows the messaging to stay specific to the situation and make the function more focused.
Usage: auth0 tenants <operation> [parameters...] [flags] Available Operations: use Set the active tenant list List your tenants [ls] open Open tenant settings page in the Auth0 Dashboard Flags: -h, --help help for tenants Global Flags: --debug Enable debug mode. --json Output in json format. --no-color Disable colors. --no-input Disable interactivity. --tenant string Specific tenant to use. (default "auth0-cli-integration-tests.us.auth0.com") Use "auth0 tenants [command] --help" for more information about a command. into
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
* DXCDT-287: Remove format flag in favor of json flag (#533)
* DXCDT-288: Add perms alias for permissions subcommand (#534)
* DXCDT-286: Relegate --force flag from global context (#535)
* DXCDT-286: Hide global flags from commands when not applicable (#536)
* [1/4] DXCDT-266: Move domains subcommand one level up the hierarchy (#539)
* [2/4] DXCDT-266: Bring branding emails command under email templates (#540)
* Back-merging `main` into `v1` (#543)
DXCDT-293: Access token management for client credentials (#537)
* Storing and refreshing access token for client credentials
* Removing unnecessary comment
* Removing tenant name from being stored, removing flag declarations
* Removing tenant name from being stored
* Fixing erroneous delete
* Simplifying ExpiresAt assignment
* Remove duplicate addTenant in tenants add command
* Remove setting scopes on tenant when using client credentials
* Refactor how we check for token expiration while preparing the tenant
* Refactor cli.prepareTenant func
* Refactor cli.setup func
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
* [3/4] DXCDT-266: Rename branding cmd to universal-login (#541)
* [4/4] DXCDT-266: Update docs after branding command refactor (#542)
* DXCDT-283: Remove `config` command (#532)
Co-authored-by: Will Vedder <will.vedder@okta.com>
* DXCDT-267: Consolidate `auth0 add tenants` into `auth0 login` (1/x) (#546)
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
* DXCDT-267: Graceful handling of access token regeneration (2/x) (#547)
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
* DXCDT-298: Interactive login prompt (3/x) (#551)
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
* DXCDT-295: Refactor quickstarts command to use quickstart meta URL (#553)
* DXCDT-297: Remove env var ingestion (#554)
Removing environment variable ingestion, removing unnecessary comment
Co-authored-by: Will Vedder <will.vedder@okta.com>
* DXCDT-271: Add ci step to check that docs are up to date (#560)
* DXCDT-271: Move bundle install out of make docs and into docs-start (#562)
* DXCDT-296: Supporting additional scopes when authenticating as user (#561)
* Adding additional scopes support via --scopes flag
* Adding additional scopes support via --scopes flag
* Removing logging
* Uncommenting scope, removing Start function
* Condensing error to single line
* Fixing linting errors
* Changing test
* Updating docs
* Unpluralizing text, setting nil default value
* Fixing bad help text
* Tiny refactors on the login cmd
* Fixing linting error
* Update internal/auth/auth.go
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
* DXCDT-271: Fix generated docs (#563)
* Rename build_doc to doc-gen
* Downgrade json flag from persistent to local
* Update doc pages
* DXCDT-272 Add install script and update README (#564)
Co-authored-by: Will Vedder <willvedd@gmail.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
* DXCDT-273: Authentication documentation (#565)
Co-authored-by: Will Vedder <will.vedder@okta.com>
* Updating README
* Targeting main branch before we forget to change back
Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
🔧 Changes
With the consolidation of `auth0 tenants add` into `auth0 login`, there are considerations to be made around access token regeneration and error handling when those tokens are unable to be regenerated.

This PR introduces advancements in token regeneration for both methods of authentication, including more fault-tolerance and better guidance to the end-user when things go wrong.
📚 References
Upstream PR: #546
🔬 Testing
Manually tested by setting token expiry into the past, invalid client credentials, invalid refresh token.
📝 Checklist