Make use of AuthorizationProvider (and cache clients?) #382
Comments
|
I would like us to keep one client per installation as I want to make sure no information leak. IIRC there are a few caches in the client. Also we would still have the problem with the SmallRye GraphQL Client, right? |
We have to anyway as each installation would require a different token and authorization provider. That's completely compatible with my proposal. If we cached clients, there would be one cached client for the application client and one per installation ID for the installation clients. Which means we would use the same client across all requests for the same installation, but not across different installations. And even if we don't cache the clients, authorization providers could help as they would ensure a client stays valid forever, even if event processing (or background processes) take a long time.
I didn't look how that client work, so I don't know. If the "problem" you're mentioning is the leak, though, here too it's irrelevant as we'd still need one client per installation. |
No the problem was that we would probably have to keep the current behavior for this client if it doesn't provide a similar mechanism. |
github-api supports self-refreshing authorization providers, as evidenced by
org.kohsuke.github.extras.authorization.JWTTokenProviderandorg.kohsuke.github.authorization.OrgAppInstallationAuthorizationProvider.We don't need to use these implementations if they're not a good fit, but we could use our own implementations of
org.kohsuke.github.authorization.AuthorizationProviderin order to create a client that refreshes its token automatically.The main advantage would be that a given client could stay valid forever (because it automatically refreshes its token if necessary before each HTTP request), opening the door to caching clients (potentially forever, in the case of the application client).
The text was updated successfully, but these errors were encountered: