From d200b55d0f6815057ff976fe63a74fc3b27a6042 Mon Sep 17 00:00:00 2001
From: Katrina Rogan
Date: Thu, 5 Dec 2019 17:20:18 -0800
Subject: [PATCH] add expiration handling
---
 flytekit/clients/raw.py | 1 -
 flytekit/clis/auth/auth.py | 20 +++++++-------------
 2 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/flytekit/clients/raw.py b/flytekit/clients/raw.py
index e58b4a6e88..88c79f8157 100644
--- a/flytekit/clients/raw.py
+++ b/flytekit/clients/raw.py
@@ -272,7 +272,6 @@ def list_workflow_ids_paginated(self, identifier_list_request):
 :rtype: flyteidl.admin.common_pb2.NamedEntityIdentifierList
 :raises: TODO
 """
- _logging.warn("hi katrina, metadata is {}".format(self._metadata))
 return self._stub.ListWorkflowIds(identifier_list_request, metadata=self._metadata)
 @_handle_rpc_error
diff --git a/flytekit/clis/auth/auth.py b/flytekit/clis/auth/auth.py
index 005371d180..33f201bac1 100644
--- a/flytekit/clis/auth/auth.py
+++ b/flytekit/clis/auth/auth.py
@@ -37,7 +37,6 @@
 # Identifies the key used for storing and fetching from keyring. In our case, instead of a username as the keyring docs
 # suggest, we are storing a user's oidc.
 _keyring_access_token_storage_key = "access_token"
-_keyring_id_token_storage_key = "id_token"
 _keyring_refresh_token_storage_key = "refresh_token"
@@ -131,18 +130,13 @@ def handle_authorization_code(self, auth_code):
 class Credentials(object):
- def __init__(self, access_token=None, id_token=None):
+ def __init__(self, access_token=None):
 self._access_token = access_token
- self._id_token = id_token
 @property
 def access_token(self):
 return self._access_token
- @property
- def id_token(self):
- return self._id_token
-
 class AuthorizationClient(object):
 def __init__(self, auth_endpoint=None, token_endpoint=None, client_id=None, redirect_uri=None):
@@ -174,9 +168,8 @@ def __init__(self, auth_endpoint=None, token_endpoint=None, client_id=None, redi
 # Prefer to use already-fetched token values when they've been set globally.
 self._refresh_token = _keyring.get_password(_keyring_service_name, _keyring_refresh_token_storage_key)
 access_token = _keyring.get_password(_keyring_service_name, _keyring_access_token_storage_key)
- id_token = _keyring.get_password(_keyring_service_name, _keyring_id_token_storage_key)
- if access_token and id_token:
- self._credentials = Credentials(access_token=access_token, id_token=id_token)
+ if access_token:
+ self._credentials = Credentials(access_token=access_token)
 return
 # In the absence of globally-set token values, initiate the token request flow
@@ -223,13 +216,11 @@ def _initialize_credentials(self, auth_token_resp):
 self._refresh_token = response_body["refresh_token"]
 access_token = response_body["access_token"]
- id_token = response_body["id_token"]
 refresh_token = response_body["refresh_token"]
 _keyring.set_password(_keyring_service_name, _keyring_access_token_storage_key, access_token)
- _keyring.set_password(_keyring_service_name, _keyring_id_token_storage_key, id_token)
 _keyring.set_password(_keyring_service_name, _keyring_refresh_token_storage_key, refresh_token)
- self._credentials = Credentials(access_token=access_token, id_token=id_token)
+ self._credentials = Credentials(access_token=access_token)
 def request_access_token(self, auth_code):
 if self._state != auth_code.state:
@@ -268,6 +259,9 @@ def refresh_access_token(self):
 self._expired = True
 # In the absence of a successful response, assume the refresh token is expired. This should indicate
 # to the caller that the AuthorizationClient is defunct and a new one needs to be re-initialized.
+
+ _keyring.delete_password(_keyring_service_name, _keyring_access_token_storage_key)
+ _keyring.delete_password(_keyring_service_name, _keyring_refresh_token_storage_key)
 return self._initialize_credentials(resp)
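Review bot: The `id_token` keyring entry is orphaned rather than removed: the `AuthorizationClient.__init__` hunk (-174,9 +168,8) stops reading it and the `_initialize_credentials` hunk stops writing it, but nothing deletes the value an earlier version stored. Machines that ran the previous code keep a stale OIDC ID token in the OS keyring indefinitely, and once `_keyring_id_token_storage_key` is gone no code path can clean it up. A one-time, best-effort delete of the legacy `"id_token"` entry under `_keyring_service_name` (ignoring the "not found" error) would close that gap. Separately, the new `if access_token:` accepts any non-empty cached token without looking at its lifetime, so expiry only surfaces on a later failed call; a short comment such as `# cached token may be expired; the caller must handle refresh` would make that visible. The body of `__init__` continues outside the hunk.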
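Review bot: The two added `_keyring.delete_password(...)` calls in `refresh_access_token` (hunk -268,6 +259,9) are unguarded, and assuming `_keyring` is the `keyring` package, several of its backends raise `PasswordDeleteError` when the entry does not exist. If the access-token entry is missing, the first call raises, the refresh-token entry is never deleted, and the caller gets an exception instead of the `_expired` signal described in the comment above. Deleting each key best-effort keeps the expiry path quiet and makes sure the refresh token is removed even when the access token is already gone. The in-memory `self._credentials` and `self._refresh_token` also still hold the rejected values after this branch, so clearing them here would keep the object consistent with the keyring. The function starts and ends outside the hunk.

```python
# … unchanged: self._expired = True and the explanatory comment …
for storage_key in (_keyring_access_token_storage_key, _keyring_refresh_token_storage_key):
    try:
        _keyring.delete_password(_keyring_service_name, storage_key)
    except _keyring.errors.PasswordDeleteError:
        # Entry already absent; nothing left to remove locally.
        pass
```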