DXCDT-267: Graceful handling of access token regeneration (2/x) #547

Merged
merged 8 commits into from
Dec 9, 2022

@willvedd willvedd commented Dec 6, 2022

🔧 Changes

With the consolidation of auth0 tenants add into auth0 login, there are considerations to be made around access token regeneration and error handling when those tokens are unable to be regenerated.

This PR introduces advancements in token regeneration for both methods of authentication, including more fault-tolerance and better guidance to the end-user when things go wrong.

📚 References

Upstream PR: #546

🔬 Testing

Manually tested by setting token expiry into the past, invalid client credentials, invalid refresh token.

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@willvedd willvedd requested a review from a team as a code owner December 6, 2022 22:02
@@ -207,18 +207,23 @@ func (c *cli) prepareTenant(ctx context.Context) (Tenant, error) {
return Tenant{}, err
}

if t.AccessToken == "" || (scopesChanged(t) && t.authenticatedWithDeviceCodeFlow()) {
return RunLoginAsUser(ctx, c, true)
if scopesChanged(t) && t.authenticatedWithDeviceCodeFlow() {
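
Review bot: The new condition `if scopesChanged(t) && t.authenticatedWithDeviceCodeFlow() {` no longer covers `t.AccessToken == ""`, and nothing visible in this hunk shows what handles an empty token afterwards. Confirm that the expiry check further down in `prepareTenant` treats an empty access token as needing regeneration, so it can never be handed to an API call as-is, and add a test for the empty-token case.
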
Contributor Author

Removing the empty access token check here enables more specific error messaging and guidance. Further, it didn't make sense to have both cases handled here because we always attempt to regenerate the access token no matter what below.

Comment on lines 220 to 234
if t.authenticatedWithClientCredentials() {
return t, fmt.Errorf("Failed to renew access token. This may occur if the designated application has been deleted or client secret has been rotated. Please re-authenticate by running `auth0 login --as-machine`")
}

c.renderer.Warnf("Failed to renew access token. Please sign in to re-authenticate the CLI.")
return RunLoginAsUser(ctx, c)
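
Review bot: In the client-credentials branch, `return t, fmt.Errorf(...)` hands back the tenant whose token just failed to renew together with the error, while the error return shown earlier in `prepareTenant` uses `return Tenant{}, err`. Return `Tenant{}` here as well, so a caller that mishandles the error cannot go on using the stale credentials. As a style point, Go error strings are conventionally lowercase and unpunctuated; the remediation hint (`auth0 login --as-machine`) could be rendered separately from the error value.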

Contributor Author

Attempting to provide specific handling and guidance for both types of authentication.

Comment on lines -90 to -111
func RunLoginAsUser(ctx context.Context, cli *cli, expired bool) (Tenant, error) {
message := fmt.Sprintf(
"%s\n\n%s\n\n",
"✪ Welcome to the Auth0 CLI 🎊",
"If you don't have an account, please create one here: https://auth0.com/signup.",
)

if expired {
message = "Please sign in to re-authorize the CLI."
cli.renderer.Warnf(message)
} else {
cli.renderer.Output(message)
}
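
Review bot: Removing the `expired` parameter also removes the "Please sign in to re-authorize the CLI." warning that the scopes-changed path in `prepareTenant` used to get through `RunLoginAsUser(ctx, c, true)`. Make sure that call site now emits its own message before calling `RunLoginAsUser`, as the failed-renewal path does with `c.renderer.Warnf(...)`, and add a doc comment on `RunLoginAsUser` stating that callers are responsible for the user-facing message.
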
Contributor Author

Extracting the error messaging out of the RunLoginAsUser is an intentional decision to keep the function focused. Further, each invocation of RunLoginAsUser comes with a unique message, that is, there is no duplication of messages with the removal of this code. This allows the messaging to stay specific to the situation and make the function more focused.

@willvedd willvedd changed the title DXCDT-267: Graceful handling of access token regeneration (2/2) DXCDT-267: Graceful handling of access token regeneration (2/x) Dec 7, 2022
@sergiught sergiught force-pushed the DXCDT-267-consolidate-add-tenants-into-login-cmd branch from 8cff7fe to eb243cb Compare December 9, 2022 15:03
Base automatically changed from DXCDT-267-consolidate-add-tenants-into-login-cmd to v1 December 9, 2022 15:18
willvedd and others added 8 commits December 9, 2022 16:22
Usage:
  auth0 tenants <operation> [parameters...] [flags]

Available Operations:
  use         Set the active tenant
  list        List your tenants [ls]
  open        Open tenant settings page in the Auth0 Dashboard

Flags:
  -h, --help   help for tenants

Global Flags:
      --debug           Enable debug mode.
      --json            Output in json format.
      --no-color        Disable colors.
      --no-input        Disable interactivity.
      --tenant string   Specific tenant to use. (default "auth0-cli-integration-tests.us.auth0.com")

Use "auth0 tenants [command] --help" for more information about a command. into
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
@sergiught sergiught force-pushed the DXCDT-267-more-reliable-access-token-regen branch from 09b9e5a to 4f2c5df Compare December 9, 2022 16:13
@sergiught sergiught merged commit 3e367a5 into v1 Dec 9, 2022
@sergiught sergiught deleted the DXCDT-267-more-reliable-access-token-regen branch December 9, 2022 16:19
willvedd added a commit that referenced this pull request Dec 21, 2022
* DXCDT-287: Remove format flag in favor of json flag (#533)

* DXCDT-288: Add perms alias for permissions subcommand (#534)

* DXCDT-286: Relegate --force flag from global context (#535)

* DXCDT-286: Hide global flags from commands when not applicable (#536)

* [1/4] DXCDT-266: Move domains subcommand one level up the hierarchy (#539)

* [2/4] DXCDT-266: Bring branding emails command under email templates (#540)

* Back-merging `main` into `v1` (#543)

DXCDT-293: Access token management for client credentials (#537)

* Storing and refreshing access token for client credentials

* Removing unnecessary comment

* Removing tenant name from being stored, removing flag declarations

* Removing tenant name from being stored

* Fixing erroneous delete

* Simplifying ExpiresAt assignment

* Remove duplicate addTenant in tenants add command

* Remove setting scopes on tenant when using client credentials

* Refactor how we check for token expiration while preparing the tenant

* Refactor cli.prepareTenant func

* Refactor cli.setup func

Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>

Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>

* [3/4] DXCDT-266: Rename branding cmd to universal-login (#541)

* [4/4] DXCDT-266: Update docs after branding command refactor (#542)

* DXCDT-283: Remove `config` command (#532)

Co-authored-by: Will Vedder <will.vedder@okta.com>

* DXCDT-267: Consolidate `auth0 add tenants` into `auth0 login` (1/x) (#546)

Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>

* DXCDT-267: Graceful handling of access token regeneration (2/x) (#547)

Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>

* DXCDT-298: Interactive login prompt (3/x) (#551)

Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>

* DXCDT-295: Refactor quickstarts command to use quickstart meta URL (#553)

* DXCDT-297: Remove env var ingestion (#554)

Removing environment variable ingestion, removing unnecessary comment

Co-authored-by: Will Vedder <will.vedder@okta.com>

* DXCDT-271: Add ci step to check that docs are up to date (#560)

* DXCDT-271: Move bundle install out of make docs and into docs-start (#562)

* DXCDT-296: Supporting additional scopes when authenticating as user (#561)

* Adding additional scopes support via --scopes flag

* Adding additional scopes support via --scopes flag

* Removing logging

* Uncommenting scope, removing Start function

* Condensing error to single line

* Fixing linting errors

* Changing test

* Updating docs

* Unpluralizing text, setting nil default value

* Fixing bad help text

* Tiny refactors on the login cmd

* Fixing linting error

* Update internal/auth/auth.go

Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>

* DXCDT-271: Fix generated docs (#563)

* Rename build_doc to doc-gen

* Downgrade json flag from persistent to local

* Update doc pages

* DXCDT-272 Add install script and update README (#564)

Co-authored-by: Will Vedder <willvedd@gmail.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>

* DXCDT-273: Authentication documentation (#565)

Co-authored-by: Will Vedder <will.vedder@okta.com>

* Updating README

* Targeting main branch before we forget to change back

Co-authored-by: Sergiu Ghitea <28300158+sergiught@users.noreply.github.com>
Co-authored-by: Will Vedder <will.vedder@okta.com>
Co-authored-by: Sergiu Ghitea <sergiu.ghitea@okta.com>
Co-authored-by: Rita Zerrizuela <zeta@widcket.com>