Add usePasswordGrantOnRefreshFailure config for password grant type token refresh failures #1333

Closed
23 changes: 16 additions & 7 deletions ballerina/client_oauth2_provider.bal
Expand Up @@ -70,6 +70,7 @@ public type RefreshConfig record {|
# + clientSecret - Client secret of the client authentication
# + scopes - Scope(s) of the access request
# + refreshConfig - Configurations for refreshing the access token
# + usePasswordGrantOnRefreshFailure - Flag to use the password grant type if the refresh token grant type fails
# + defaultTokenExpTime - Expiration time (in seconds) of the tokens if the token endpoint response does not contain an `expires_in` field
# + clockSkew - Clock skew (in seconds) that can be used to avoid token validation failures due to clock synchronization problems
# + optionalParams - Map of the optional parameters used for the token endpoint
Expand All @@ -83,6 +84,7 @@ public type PasswordGrantConfig record {|
string clientSecret?;
string|string[] scopes?;
RefreshConfig|INFER_REFRESH_CONFIG refreshConfig?;
boolean usePasswordGrantOnRefreshFailure = false;
decimal defaultTokenExpTime = 3600;
decimal clockSkew = 0;
map<string> optionalParams?;
Expand Down Expand Up @@ -462,13 +464,20 @@ isolated function getAccessTokenFromRefreshRequestForPasswordGrant(PasswordGrant
optionalParams: refreshConfig?.optionalParams,
credentialBearer: refreshConfig.credentialBearer
};

json response = check sendRequest(requestConfig, refreshConfig.refreshUrl,refreshConfig.clientConfig);
string accessToken = check extractAccessToken(response);
string? updatedRefreshToken = extractRefreshToken(response);
int? expiresIn = extractExpiresIn(response);
tokenCache.update(accessToken, updatedRefreshToken, expiresIn, config.defaultTokenExpTime, config.clockSkew);
return accessToken;
json|error response = sendRequest(requestConfig, refreshConfig.refreshUrl, refreshConfig.clientConfig);
if response is error {
if !config.usePasswordGrantOnRefreshFailure {
return prepareError("Failed to refresh the access token.", response);
}
return getAccessTokenFromTokenRequestForPasswordGrant(config, tokenCache);
}
if response is json {
string accessToken = check extractAccessToken(response);
string? updatedRefreshToken = extractRefreshToken(response);
int? expiresIn = extractExpiresIn(response);
tokenCache.update(accessToken, updatedRefreshToken, expiresIn, config.defaultTokenExpTime, config.clockSkew);
return accessToken;
}
}

isolated function getRefreshConfig(PasswordGrantConfig config) returns RefreshConfig|Error {
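Review bot: The fallback under `if response is error` in getAccessTokenFromRefreshRequestForPasswordGrant fires on every error `sendRequest` returns, so as far as this hunk shows a timeout or connection failure is handled the same way as a rejected refresh token, and the resource owner's username and password are sent to the token endpoint again. With the flag enabled, revoking or expiring the refresh token at the authorization server no longer ends the client's access, which the field's doc line should say outright, e.g. `# + usePasswordGrantOnRefreshFailure - If true, any failure of the refresh request triggers a new password grant request with the configured username and password`. The refresh error is also discarded on that path; recording it before the call to `getAccessTokenFromTokenRequestForPasswordGrant` would keep failed refreshes visible to whoever monitors the client. A failure of `check extractAccessToken(response)` does not take the fallback, which may or may not be intended and is worth a comment either way. The trailing `if response is json` looks redundant once the error branch has returned.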