-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DXCDT-267: Graceful handling of access token regeneration (2/x) #547
Conversation
@@ -207,18 +207,23 @@ func (c *cli) prepareTenant(ctx context.Context) (Tenant, error) { | |||
return Tenant{}, err | |||
} | |||
|
|||
if t.AccessToken == "" || (scopesChanged(t) && t.authenticatedWithDeviceCodeFlow()) { | |||
return RunLoginAsUser(ctx, c, true) | |||
if scopesChanged(t) && t.authenticatedWithDeviceCodeFlow() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removing the empty access token check here enables more specific error messaging and guidance. Further, it didn't make sense to have both cases handled here because we always attempt to regenerate the access token no matter what below.
internal/cli/cli.go
Outdated
if t.authenticatedWithClientCredentials() { | ||
return t, fmt.Errorf("Failed to renew access token. This may occur if the designated application has been deleted or client secret has been rotated. Please re-authenticate by running `auth0 login --as-machine`") | ||
} | ||
|
||
c.renderer.Warnf("Failed to renew access token. Please sign in to re-authenticate the CLI.") | ||
return RunLoginAsUser(ctx, c) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Attempting to provide specific handling and guidance for both types of authentication.
func RunLoginAsUser(ctx context.Context, cli *cli, expired bool) (Tenant, error) { | ||
message := fmt.Sprintf( | ||
"%s\n\n%s\n\n", | ||
"✪ Welcome to the Auth0 CLI 🎊", | ||
"If you don't have an account, please create one here: https://auth0.com/signup.", | ||
) | ||
|
||
if expired { | ||
message = "Please sign in to re-authorize the CLI." | ||
cli.renderer.Warnf(message) | ||
} else { | ||
cli.renderer.Output(message) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extracting the error messaging out of the RunLoginAsUser
is an intentional decision to keep the function focused. Further, each invocation of RunLoginAsUser
comes with a unique message, that is, there is no duplication of messages with the removal of this code. This allows the messaging to stay specific to the situation and make the function more focused.
8cff7fe
to
eb243cb
Compare
Usage: auth0 tenants <operation> [parameters...] [flags] Available Operations: use Set the active tenant list List your tenants [ls] open Open tenant settings page in the Auth0 Dashboard Flags: -h, --help help for tenants Global Flags: --debug Enable debug mode. --json Output in json format. --no-color Disable colors. --no-input Disable interactivity. --tenant string Specific tenant to use. (default "auth0-cli-integration-tests.us.auth0.com") Use "auth0 tenants [command] --help" for more information about a command. into
Co-authored-by: Rita Zerrizuela <[email protected]>
Co-authored-by: Rita Zerrizuela <[email protected]>
09b9e5a
to
4f2c5df
Compare
* DXCDT-287: Remove format flag in favor of json flag (#533) * DXCDT-288: Add perms alias for permissions subcommand (#534) * DXCDT-286: Relegate --force flag from global context (#535) * DXCDT-286: Hide global flags from commands when not applicable (#536) * [1/4] DXCDT-266: Move domains subcommand one level up the hierarchy (#539) * [2/4] DXCDT-266: Bring branding emails command under email templates (#540) * Back-merging `main` into `v1` (#543) DXCDT-293: Access token management for client credentials (#537) * Storing and refreshing access token for client credentials * Removing unnecessary comment * Removing tenant name from being stored, removing flag declarations * Removing tenant name from being stored * Fixing erroneous delete * Simplifying ExpiresAt assignment * Remove duplicate addTenant in tenants add command * Remove setting scopes on tenant when using client credentials * Refactor how we check for token expiration while preparing the tenant * Refactor cli.prepareTenant func * Refactor cli.setup func Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> * [3/4] DXCDT-266: Rename branding cmd to universal-login (#541) * [4/4] DXCDT-266: Update docs after branding command refactor (#542) * DXCDT-283: Remove `config` command (#532) Co-authored-by: Will Vedder <[email protected]> * DXCDT-267: Consolidate `auth0 add tenants` into `auth0 login` (1/x) (#546) Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> * DXCDT-267: Graceful handling of access token regeneration (2/x) (#547) Co-authored-by: Rita Zerrizuela <[email protected]> Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> * DXCDT-298: Interactive login prompt (3/x) (#551) Co-authored-by: Rita Zerrizuela <[email protected]> Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> * DXCDT-295: Refactor quickstarts command to use quickstart meta URL (#553) * DXCDT-297: Remove env var ingestion (#554) Removing environment variable ingestion, removing unnecessary comment Co-authored-by: Will Vedder <[email protected]> * DXCDT-271: Add ci step to check that docs are up to date (#560) * DXCDT-271: Move bundle install out of make docs and into docs-start (#562) * DXCDT-296: Supporting additional scopes when authenticating as user (#561) * Adding additional scopes support via --scopes flag * Adding additional scopes support via --scopes flag * Removing logging * Uncommenting scope, removing Start function * Condensing error to single line * Fixing linting errors * Changing test * Updating docs * Unpluralizing text, setting nil default value * Fixing bad help text * Tiny refactors on the login cmd * Fixing linting error * Update internal/auth/auth.go Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Rita Zerrizuela <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> * DXCDT-271: Fix generated docs (#563) * Rename build_doc to doc-gen * Downgrade json flag from persistent to local * Update doc pages * DXCDT-272 Add install script and update README (#564) Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Will Vedder <[email protected]> * DXCDT-273: Authentication documentation (#565) Co-authored-by: Will Vedder <[email protected]> * Updating README * Targeting main branch before we forget to change back Co-authored-by: Sergiu Ghitea <[email protected]> Co-authored-by: Will Vedder <[email protected]> Co-authored-by: Sergiu Ghitea <[email protected]> Co-authored-by: Rita Zerrizuela <[email protected]>
🔧 Changes
With the consolidation of
auth0 tenants add
intoauth0 login
, there are considerations to be made around access token regeneration and error handling when those tokens are unable to be regenerated.This PR introduces advancements in token regeneration for both methods of authentication, including more fault-tolerance and better guidance to the end-user when things go wrong.
📚 References
Upstream PR: #546
🔬 Testing
Manually tested by setting token expiry into the past, invalid client credentials, invalid refresh token.
📝 Checklist