Bugfix/66602 keycloak access token is not refreshing properly #286
Conversation
…StorageKey enum. added TokenRefreshingHttpClient in order to implement access/refresh token cycle.
…systeme/AW40-hub-docker into bugfix/66602_keycloak_access_token_is_not_refreshing_properly
```dart
String? token = await _authProvider.getAccessToken();
if (token == null) {
  await _authProvider.refreshAccessToken();
  token = await _authProvider.getAccessToken();
```
This kinda works.
Every first request after the token expires still contains the outdated token and fails.
I think it might be because it reads the new token with getAccessToken right after refreshAccessToken. refreshAccessToken writes the token into the storageService, but unawaited, so there might be a race condition where the old token is read from storage while the write operation of the new token has not finished?
```dart
);

@override
Future<http.StreamedResponse> send(http.BaseRequest request) async {
```
Overwriting the send method seems a bit too broad to me. It works, but it would leak the token to other web endpoints the webui interacts with, since the Authorization header will always be set. The usage of the Authorization header should be restricted to the web endpoints that require the header and that we trust.
Will this still be addressed before the demonstrations?
I am working on other stories regarding Pontus-X currently. As soon as I'm done with that, I'll take care of this. Otherwise I am very happy about any support, be it through concrete suggestions on how to implement it better. I admit my solution is rather "quick and dirty" due to the time constraints we face regarding the deadline.
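As an added example (not the PR's code nor the project's implementation), here is one way a `TokenRefreshingHttpClient` built on `http.BaseClient` could address both review points: the refresh is awaited and coalesced so the follow-up read cannot observe the stale token, a 401 response triggers exactly one refresh-and-retry, and the Authorization header is attached only for an allow-list of trusted origins. The `AuthProvider` interface and the `_trustedOrigins` set are assumptions, since the project's own types are not shown on this page.

```dart
import 'dart:async';

import 'package:http/http.dart' as http;

/// Assumed auth-provider contract (the project's _authProvider is not shown).
/// refreshAccessToken() must complete only after the new token has been
/// persisted; otherwise the read that follows it can still return the old one.
abstract class AuthProvider {
  Future<String?> getAccessToken();
  Future<void> refreshAccessToken();
}

class TokenRefreshingHttpClient extends http.BaseClient {
  final http.Client _inner;
  final AuthProvider _authProvider;
  // Origins in Uri.origin form ("scheme://host[:port]", placeholder values
  // such as "https://hub.example.invalid") that may receive the bearer token.
  final Set<String> _trustedOrigins;
  Future<void>? _refreshInFlight;

  TokenRefreshingHttpClient(this._inner, this._authProvider, this._trustedOrigins);

  // Coalesce concurrent refreshes so parallel requests share one round trip.
  Future<void> _refresh() {
    _refreshInFlight ??= _authProvider
        .refreshAccessToken()
        .whenComplete(() => _refreshInFlight = null);
    return _refreshInFlight!;
  }

  // A finalized request cannot be re-sent, so the retry is a fresh copy.
  http.Request _copyWithToken(http.Request request, String token) =>
      http.Request(request.method, request.url)
        ..headers.addAll(request.headers)
        ..headers['Authorization'] = 'Bearer $token'
        ..bodyBytes = request.bodyBytes;

  @override
  Future<http.StreamedResponse> send(http.BaseRequest request) async {
    // Never attach the token to hosts outside the allow-list.
    if (!_trustedOrigins.contains(request.url.origin)) return _inner.send(request);
    String? token = await _authProvider.getAccessToken();
    if (token == null) {
      await _refresh();
      token = await _authProvider.getAccessToken();
    }
    if (token != null) request.headers['Authorization'] = 'Bearer $token';
    final response = await _inner.send(request);
    // 401 means the token we sent was stale: refresh once, then retry once.
    if (response.statusCode != 401) return response;
    if (request is! http.Request) return response;
    await _refresh();
    token = await _authProvider.getAccessToken();
    return token == null ? response : _inner.send(_copyWithToken(request, token));
  }
}
```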
…systeme/AW40-hub-docker into bugfix/66602_keycloak_access_token_is_not_refreshing_properly