Add auth exception handling for expired token #1334
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LeiGlobus
added
no-news-is-good-news
LeiGlobus
requested review from
ryanchard,
chris-janidlo,
rjmello,
joshbryan-globus and
khk-globus
khk-globus
reviewed
Oct 23, 2023
khk-globus
previously approved these changes
Oct 23, 2023
LeiGlobus
dismissed stale reviews from khk-globus and joshbryan-globus
via
98bdefc
LeiGlobus
force-pushed
the
auth_grant_error
branch
3 times, most recently
from
b6b4f78 to
d89b3cf
Compare
khk-globus
previously approved these changes
Oct 23, 2023
LeiGlobus
force-pushed
the
auth_grant_error
branch
from
cc3d359 to
d666d3d
Compare
khk-globus
approved these changes
Oct 23, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
When an user runs an endpoint command and the refresh token is expired (> 6 months old), the CLI exists with a cryptic invalid_grant error message which is confusing. See Story https://app.shortcut.com/funcx/story/27972/display-better-error-message-when-refresh-token-is-expired-on-endpoint-commands
We catch these errors in normal auth pathways when registering endpoints, but the crux is that GET /v2/version fails auth, even though the token isn't required. The Globus SDK always verifies the token if it exists, before the request is sent to the endpoint(which may be a public endpoint that does not care about tokens).
Slack discussion: https://funcx.slack.com/archives/C016JMYST9C/p1697729426325119
Ideally, we want to give more clear information to the user. But in this PR I stopped short of clearing the token ourselves via logout(), as that clears tokens from all environments and may be a destructive path. Better to suggest instead?
Type of change