-
Notifications
You must be signed in to change notification settings - Fork 949
Closed
Copy link
Labels
s2Broken use cases or features (with a workaround). Only humans may set this.Broken use cases or features (with a workaround). Only humans may set this.
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
We have a system that refreshes expired api keys backed by oauth2 if a refresh token is available.
However, in the case when the api key is expired but the oauth2 access token isn’t, the refresh logic is not triggered, and the api key ExpiresAt
field is not updated.
Relavant check:
Line 261 in bbe7dac
if link.OAuthExpiry.Before(now) && !link.OAuthExpiry.IsZero() && link.OAuthRefreshToken != "" { |
Early exit if ExpiresAt
is not updated.
Lines 319 to 324 in bbe7dac
if key.ExpiresAt.Before(now) { | |
return optionalWrite(http.StatusUnauthorized, codersdk.Response{ | |
Message: SignedOutErrorMessage, | |
Detail: fmt.Sprintf("API key expired at %q.", key.ExpiresAt.String()), | |
}) | |
} |
Relevant Log Output
Expected Behavior
I'd expect the ExpiresAt
field to be updated when a valid OAuth2 access token is available.
Steps to Reproduce
The way I triggered it is I manually updated the ExpiresAt
field on an api key to the current time via a SQL query and then refreshed the Coder web UI.
Environment
- Host OS: Linux
- Coder version: 2.20.2
Additional Context
No response
Metadata
Metadata
Assignees
Labels
s2Broken use cases or features (with a workaround). Only humans may set this.Broken use cases or features (with a workaround). Only humans may set this.