fix: do not fail if keychain access failed

internal/auth/auth.go

@@ -19,7 +19,8 @@ const (
 	oauthTokenEndpoint = "https://auth0.auth0.com/oauth/token"
 	audiencePath       = "/api/v2/"
 
-	secretsNamespace = "auth0-cli"
+	// namespace used to set/get values from the keychain
+	SecretsNamespace = "auth0-cli"
 )
 
 var requiredScopes = []string{
@@ -46,10 +47,11 @@ type Authenticator struct {
 }
 
 type Result struct {
-	Tenant      string
-	Domain      string
-	AccessToken string
-	ExpiresIn   int64
+	Tenant       string
+	Domain       string
+	RefreshToken string
+	AccessToken  string
+	ExpiresIn    int64
 }
 
 type State struct {
@@ -122,17 +124,12 @@ func (a *Authenticator) Wait(ctx context.Context, state State) (Result, error) {
 				return Result{}, fmt.Errorf("cannot parse tenant from the given access token: %w", err)
 			}
 
-			// store the refresh token
-			err = a.Secrets.Set(secretsNamespace, ten, res.RefreshToken)
-			if err != nil {
-				return Result{}, fmt.Errorf("cannot store refresh token: %w", err)
-			}
-
 			return Result{
-				AccessToken: res.AccessToken,
-				ExpiresIn:   res.ExpiresIn,
-				Tenant:      ten,
-				Domain:      domain,
+				RefreshToken: res.RefreshToken,
+				AccessToken:  res.AccessToken,
+				ExpiresIn:    res.ExpiresIn,
+				Tenant:       ten,
+				Domain:       domain,
 			}, nil
 		}
 	}

internal/auth/secrets.go

@@ -1,6 +1,8 @@
 package auth
 
-import "github.com/zalando/go-keyring"
+import (
+	"github.com/zalando/go-keyring"
+)
 
 type Keyring struct{}
 

internal/auth/token.go

@@ -24,14 +24,14 @@ type TokenRetriever struct {
 
 // Delete deletes the given tenant from the secrets storage.
 func (t *TokenRetriever) Delete(tenant string) error {
-	return t.Secrets.Delete(secretsNamespace, tenant)
+	return t.Secrets.Delete(SecretsNamespace, tenant)
 }
 
 // Refresh gets a new access token from the provided refresh token,
 // The request is used the default client_id and endpoint for device authentication.
 func (t *TokenRetriever) Refresh(ctx context.Context, tenant string) (TokenResponse, error) {
 	// get stored refresh token:
-	refreshToken, err := t.Secrets.Get(secretsNamespace, tenant)
+	refreshToken, err := t.Secrets.Get(SecretsNamespace, tenant)
 	if err != nil {
 		return TokenResponse{}, fmt.Errorf("cannot get the stored refresh token: %w", err)
 	}

internal/cli/login.go

@@ -39,7 +39,7 @@ func RunLogin(ctx context.Context, cli *cli, expired bool) error {
 		cli.renderer.Infof("If you don't have an account, please go to https://auth0.com/signup, otherwise continue in the browser.\n\n")
 	}
 
-	a := &auth.Authenticator{Secrets: &auth.Keyring{}}
+	a := &auth.Authenticator{}
 	state, err := a.Start(ctx)
 	if err != nil {
 		return fmt.Errorf("could not start the authentication process: %w.", err)
@@ -63,6 +63,14 @@ func RunLogin(ctx context.Context, cli *cli, expired bool) error {
 	cli.renderer.Infof("Successfully logged in.")
 	cli.renderer.Infof("Tenant: %s\n", res.Tenant)
 
+	// store the refresh token
+	secretsStore := &auth.Keyring{}
+	err = secretsStore.Set(auth.SecretsNamespace, res.Tenant, res.RefreshToken)
+	if err != nil {
+		// log the error but move on
+		cli.renderer.Warnf("Could not store the refresh token locally, please expect to login again once your access token expired: %s.", err.Error())
+	}
+
 	err = cli.addTenant(tenant{
 		Name:        res.Tenant,
 		Domain:      res.Domain,