Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove confusing top-level attrs of Token Response #162

Merged
merged 3 commits into from
Mar 30, 2017
Merged

Remove confusing top-level attrs of Token Response #162

merged 3 commits into from
Mar 30, 2017

Conversation

sirosen
Copy link
Member

@sirosen sirosen commented Mar 23, 2017

After some thought about #158, I've become convinced that these attributes should be removed.
The silent "promotion" of scopes by Auth, the lack of any public specification as to the method of determination for that top-level token, and the inability of users to change what that token is by any means mean that these properties offer very little value and a lot of confusion.

OAuthTokenResponse top-level properties for accessing the top-level token aren't the desired/canonical/safe way to access tokens. We're telling people to always use by_resource_server, so we should cut down the interface for this class to that and only that.

Minor change included: make the dependent token response a subclass of the typical token response, only overriding a helper used by __init__.

This will require that we bump to 0.7.0 in the next release.

@sirosen
Remove confusing top-level attrs of Token Response
c5066ce 
OAuthTokenResponse top-level properties for accessing the top-level
token aren't the desired/canonical/safe way to access tokens. We're
telling people to always use `by_resource_server`, so we should cut down
the interface for this class to that and only that.

Minor change included: make the dependent token response a subclass of
the typical token response, only overriding a helper in __init__. Also
explicitly raises NotImplementedError if someone tries to decode an ID
token with it.

Closes globus#158
@sirosen sirosen added the enhancement New feature or improvement label Mar 23, 2017
@sirosen sirosen requested a review from jaswilli March 23, 2017 18:15
@sirosen sirosen closed this Mar 23, 2017
@sirosen sirosen deleted the feature/token-response/remove-confusing-attrs branch March 23, 2017 18:18
@bjmc
Copy link
Contributor

bjmc commented Mar 23, 2017

We've always said the "top-levelness" is a meaningless artifact of wedging in extra tokens while still complying with the spec. 👍 for this change. The "top level" tokens are not special or different in any way.

@sirosen sirosen restored the feature/token-response/remove-confusing-attrs branch March 23, 2017 18:20
@sirosen sirosen reopened this Mar 23, 2017
@sirosen
Copy link
Member Author

sirosen commented Mar 23, 2017

I accidentally closed this by cleaning up all of the branches on my fork which were merged with it -- obviously including the branch itself. Whoops.

Sorry for the noise.

jaswilli
jaswilli reviewed Mar 23, 2017
View reviewed changes
globus_sdk/auth/token_response.py
The array of tokens other than the top-level one.
"""
return self['other_tokens']

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We definitely have some internal usage of these properties that will need to be refactored if they get dropped.

@sirosen
Bugfixes to RT Authorizer for new response
d564f7e 
With no more top-level properties to address the top token in a
response, the RT Authorizer neesds to do more "generic" handling of
responses via the by_resource_server attribute. Tests need to be updated
-- many of them removed -- to comply with the reduced interface to
OAuthTokenResponse objects.
@sirosen
Copy link
Member Author

sirosen commented Mar 27, 2017

The update should pass tests.

The internal usage seems to be isolated to the RefreshTokenAuthorizer. That makes sense since the refresh tokens are a specific scenario in which we know that there is one and only one token coming back on the response.

Outside of that, all of the changes necessary were made in the testsuite. Unfortunately, several tests simply had to be dropped because they were inspecting the exact attributes being removed here.

As an unfortunate side-effect, the RefreshTokenAuthorizer now needs to extract a single token -- with an unknown resource server name -- from a token response. The only way to do that, under this model, is to take response.by_resource_server.values()[0]. We happen to know that to be safe, but I wrapped it in a safety check just so that we raise a cleaner error if it ever gets broken.

@sirosen
Bugfix for py3 dict_values usage
8c073db 
Trying to index into dict.values() doesn't work on py3, where that is a
dict view. Instead, call next(iter(x)) on it, to get the first and only
element. len(x) works when x is a dict view, so that's okay.
@jaswilli jaswilli merged commit baef398 into globus:master Mar 30, 2017
@sirosen sirosen mentioned this pull request Mar 31, 2017
Merged
@sirosen sirosen deleted the feature/token-response/remove-confusing-attrs branch April 13, 2017 03:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaswilli jaswilli jaswilli left review comments

Assignees
No one assigned
Labels
enhancement New feature or improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sirosen @bjmc @jaswilli