-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support login to UAA using API token #819
Conversation
45623eb
to
5a37a8a
Compare
5a37a8a
to
1fa86db
Compare
506cd5a
to
1e0a132
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still reviewing but I have a question to clarify
@@ -20,6 +20,8 @@ const ( | |||
extraIDToken = "id_token" | |||
) | |||
|
|||
var currentTime = time.Now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you mind adding a comment to explain that currentTime
is used to allow tests to override it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will be removed and addressed as part of #820 (comment) by using separate package.
- enable the API token login flow for UAA. - sets token type to api-token - supports use of alternate client ID - update token refresh logic of UAA to use the alternate ID Signed-off-by: Vui Lam <[email protected]>
Signed-off-by: Vui Lam <[email protected]>
1e0a132
to
dd641e4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good (I didn't try it).
One question about the extendedApp value.
What this PR does / why we need it
Enables login via a previously obtained API token to a UAA based endpoint.
Also: fixed a bug where the expiration time on a token refresh is incorrect set to too close to current time.
Note : adding more tests and waiting for the alternative client id to be determined.
Which issue(s) this PR fixes
Fixes #
Describe testing done for PR
Obtain refresh token from CLI context
TANZU_API_TOKEN=obtainedtoken tanzu login --endpoint uaa-based-endpoint
Updated and ran unit tests.
Release note
Additional information
Special notes for your reviewer