SDK: Refresh Token implementation #1319
Merged
…enewal apis(used for identity server but requires re-design for refresh tokens).
3 tasks
langleyd
changed the title
First pass at refresh token support using existing httpClient token r…
Refresh Token implementation
Dec 9, 2021
…atch group to ensure 1 leader request for refresh.
…tely capture what the new design does.
langleyd
changed the title
Refresh Token implementation
SDK: Refresh Token implementation
Dec 14, 2021
…isk across processes.
…angleyd/5292_refresh_tokens
- Use tokenProviderHandler for non-refresh token auth also.
- Improve handling of unauthenticated cases and ensure graceful failure.
- Extract refresh token recover (from disk) and refresh (from server) to own function.
…angleyd/5292_refresh_tokens
… dealloc'd and general cleanup.
…angleyd/5292_refresh_tokens
…update `MXCredentials`.
ismailgulek
reviewed
Jan 27, 2022
I wonder if it would make sense to have default valued parameters on |
ismailgulek
reviewed
Jan 28, 2022
As per the spec the refresh token can be nil on the refresh request, in which case we assume the existing refresh token is still valid.
Supports changes in element-hq/element-ios#5293 to resolve element-hq/element-ios#5292
Included in this PR
- `MXSDKOptions.authEnableRefreshTokens` to enable refresh tokens. Access token auth will remain in place for the user while logged. Refresh token auth will be used on next login/register.
- `MXCredential`, it has a function for updating the tokens when they are refreshed. It is the source of truth for these values.
- `MXCredential` be the source of truth and other classes that require it such as `MXHTTPClient` to pull in the value on demand.
- `MXHTTPClient` `requestWithMethod` functions in the past forked, with half of the function signatures supporting an auth mechanism for the Identity server and the others being for homeserver requests. Rather than maintaining two different auth mechanisms for the http client there I created one that serves both identity and homeserver auth. It comes at the risk of updating the identity server auth but with the benefit of approach/code actually being understandable (vs having two implementations).
- `MXHTTPClient` is designated as `authenticated` or not in the init (the latter meaning the auth closures are not invoked) and similar to the old identity server auth, individual requests can be downgraded to remove the auth headers. All auth requests are now wrapped in an access token check that verifies its validity/requests a new token if required. All authenticated responses are also checked for the `UNKNOWN_TOKEN` and retried after again verifying/requesting an access token.
- `NSFileCoordinator`. If the read tells us the credential is good we use it, if not we refresh the token with the server and write it back within the transaction so that the next read gets it and we don't have a race condition.

TODO
- `MXSDKOptions.authEnableRefreshTokens` enabled that access token auth continues to work until the user logs out.
- `MXSDKOptions.authEnableRefreshTokens` disabled that access token auth continues to work.
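
Added example, not code from this PR or from the SDK: a small Python model of the flow described above, where a request rejected with the unknown-token error triggers a refresh led by one caller, the request is retried once, and the stored refresh token is kept when the refresh reply carries none. The class names, token values and the in-memory `FakeHomeserver` are assumptions made for illustration; `M_UNKNOWN_TOKEN` is the Matrix error code the description refers to as `UNKNOWN_TOKEN`.

```python
import threading

class Credentials:
    """Single source of truth for the token pair (stand-in for MXCredentials)."""
    def __init__(self, access_token, refresh_token):
        self.access_token, self.refresh_token = access_token, refresh_token
        self.lock = threading.Lock()

class FakeHomeserver:
    """Constructed server: issues a new access token, omits refresh_token in replies."""
    def __init__(self):
        self.valid_access, self.refresh_calls = "at-1", 0
    def refresh(self, refresh_token):
        self.refresh_calls += 1
        self.valid_access = f"at-{self.refresh_calls + 1}"
        return {"access_token": self.valid_access}
    def request(self, access_token):
        if access_token != self.valid_access:
            return 401, {"errcode": "M_UNKNOWN_TOKEN"}
        return 200, {}

class Client:
    def __init__(self, creds, server):
        self.creds, self.server = creds, server
    def _refresh(self, stale_token):
        with self.creds.lock:  # one leader talks to the server, the rest wait here
            if self.creds.access_token != stale_token:
                return  # a leader already replaced the token we failed with
            reply = self.server.refresh(self.creds.refresh_token)
            self.creds.access_token = reply["access_token"]
            # No refresh_token in the reply: the existing one is kept.
            self.creds.refresh_token = reply.get("refresh_token") or self.creds.refresh_token
    def get(self):
        token = self.creds.access_token
        status, body = self.server.request(token)
        if status == 401 and body.get("errcode") == "M_UNKNOWN_TOKEN":
            self._refresh(token)  # verify/renew, then retry exactly once
            status, body = self.server.request(self.creds.access_token)
        return status, body

def demo(n=8):
    """Run n concurrent requests that all start with an expired access token."""
    server, creds = FakeHomeserver(), Credentials("expired", "rt-1")
    client, statuses = Client(creds, server), []
    workers = [threading.Thread(target=lambda: statuses.append(client.get()[0])) for _ in range(n)]
    for w in workers: w.start()
    for w in workers: w.join()
    return statuses, server.refresh_calls, creds.refresh_token

if __name__ == "__main__":
    print(demo())
```

Comparing the failed token with the stored one inside the lock is what stops the waiting callers from each spending the refresh token again after the leader has finished.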