Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

handle tokens that expire immediately in AutoRefreshingTokenCredential #1176

Merged
merged 2 commits into from
Dec 16, 2022
Merged

handle tokens that expire immediately in AutoRefreshingTokenCredential #1176

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c7e1fbc
handle tokens that expire immediately in `AutoRefreshingTokenCredential`
Dec 13, 2022
e91476a
Merge branch 'main' into dont-loop-on-autorefresh-get-token
Dec 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 26 additions & 19 deletions sdk/identity/src/token_credentials/auto_refreshing_credentials.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,31 +38,38 @@ impl AutoRefreshingTokenCredential {
#[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
impl TokenCredential for AutoRefreshingTokenCredential {
async fn get_token(&self, resource: &str) -> azure_core::Result<TokenResponse> {
// if the current cached token is good, return that.
if let Some(Ok(token)) = self.current_token.read().await.as_ref() {
if !is_expired(token) {
return Ok(token.clone());
}
}
loop {
let mut guard = self.current_token.write().await;
match guard.as_ref() {
None => {
let res = self.credential.get_token(resource).await;
*guard = Some(res);
}
Some(Err(err)) => {
return Err(Error::with_message(ErrorKind::Credential, || {
err.to_string()
}));
}
Some(Ok(token)) => {
if is_expired(token) {
*guard = None;
} else {
return Ok(token.clone());
};
}

let mut guard = self.current_token.write().await;

// check again in case another thread refreshed the token while we were
// waiting on the write lock
if let Some(Ok(token)) = guard.as_ref() {
if !is_expired(token) {
return Ok(token.clone());
}
}

let res = self.credential.get_token(resource).await;

// NOTE: we do not check to see if the token is expired here, as at
// least one credential, `AzureCliCredential`, specifies the token is
// immediately expired after it is returned, which indicates the token
// should always be refreshed upon use.
let result = match &res {
Ok(token) => Ok(token.clone()),
Err(err) => Err(Error::with_message(ErrorKind::Credential, || {
err.to_string()
})),
};

*guard = Some(res);

result
}
}