Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a noninteractive authenticator #159

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add a noninteractive authenticator #159

wants to merge 2 commits into from

Conversation

sean-purcell
Copy link

This pair of commits adds another authenticator, which is guaranteed to be non-interactive and just uses stored refresh tokens obtained from a previous authenticator. I want to use this in an offline job that I run periodically, which I build once using a helper binary to generate the NoninteractiveTokens, and then can use repeatedly. This authenticator is simple and guaranteed to just error out if it can't provide tokens, instead of trying to do something interactive.

@sean-purcell
feat(Authenticator): add a guaranteed noninteractive authenticator
38be276 
Add an authenticator that stores refresh tokens an an application
secret, so that it can be serialized/deserialized and used in a
non-interactive program.
@sean-purcell
feat(NoninteractiveAuthenticator): add a builder for serializable tok…
1b13ce9 
…ens using another authenticator

Expose a way to create `NoninteractiveTokens` using another (presumably
`InstalledFlow` or `DeviceFlow`) authenticator.  It makes a request for
tokens, and then stores just the refresh token, assuming that the access
token will be expired by the time it's used.  There's no clean exposed
way to refresh the refresh tokens, but it's easy to do (if somewhat
awkwardly) by creating a new builder using a current NoninteractiveFlow
authenticator, so this feature doesn't add it.
@habibialkaff
Copy link

Hi, may I know if there is any follow up on this feature, or at least a temporary workaround?

dermesser
dermesser approved these changes Feb 22, 2022
View reviewed changes
src/noninteractive.rs
/// typically short-lived, this authenticator assumes it will be expired and only stores the
/// refresh token.
#[derive(Deserialize, Serialize, Clone, Default, Debug)]
pub struct NoninteractiveTokens {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be that you have good reasons to implement this, but it looks similar to storage::JSONTokens. Maybe you can reuse that type, as the storage requirements seem to be very similar (store/retrieve by scope).

@dermesser
Copy link
Owner

Hi, may I know if there is any follow up on this feature, or at least a temporary workaround?

Good point, I'm sorry for not having come back to this. It looks like a useful addition, and I'd merge it once the conflicts are resolved!

@ggriffiniii
Copy link
Collaborator

Is there a difference between this NonInteractive authenticator and an InstalledFlowAuthenticator with a InstalledFlowDelegate that always returns an error in InstalledFlowDelegate::present_user_url?

@dermesser
Copy link
Owner

Is there a difference between this NonInteractive authenticator and an InstalledFlowAuthenticator with a InstalledFlowDelegate that always returns an error in InstalledFlowDelegate::present_user_url?

I think in principle it would have the same effect. I find this flow slightly more transparent and could see some use cases for this, even though the effect would be the same when using an appropriately implemented InstalledFlowDelegate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dermesser dermesser dermesser approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sean-purcell @habibialkaff @dermesser @ggriffiniii