From 6a8e66a9d6a5aef4cabd5197241953224c78151d Mon Sep 17 00:00:00 2001
From: bbiao <bbbiao@gmail.com>
Date: Mon, 14 Dec 2020 17:31:10 +0800
Subject: [PATCH] client/v3: clear auth token when encounter
 ErrInvalidAuthToken

Old etcdserver which have not apply pr of #12165 will check auth token
even if the request is a Authenticate request.

If the client has a invalid auth token, it will not able to update it's
token, since the Authenticate has a invalid auth token.

This fix clear the auth token when encounter an ErrInvalidAuthToken to
talk with old version etcd servers.

Fix #12385 with #12165 and #12264
---
 client/v3/retry_interceptor.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/client/v3/retry_interceptor.go b/client/v3/retry_interceptor.go
index ff9ad601ab82..72d7f4b2e46e 100644
--- a/client/v3/retry_interceptor.go
+++ b/client/v3/retry_interceptor.go
@@ -74,6 +74,11 @@ func (c *Client) unaryClientInterceptor(logger *zap.Logger, optFuncs ...retryOpt
 				continue
 			}
 			if callOpts.retryAuth && rpctypes.Error(lastErr) == rpctypes.ErrInvalidAuthToken {
+				// clear auth token befault refreshing it.
+				// call c.Auth.Authenticate with an invalid token will always fail the auth check on the server-side,
+				// and a rpctypes.ErrInvalidAuthToken will recursively call c.getToken until system run out of resource.
+				c.authTokenBundle.UpdateAuthToken("")
+
 				gterr := c.getToken(ctx)
 				if gterr != nil {
 					logger.Warn(