-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow dropping tokens from the session manager for easier recovery on lookup failures #684
Comments
A near-solution was to wrap the The only real workaround I found for the issue was to add a call to |
What would be a proper workaround? Rethrowing the exception would leave a potentially created token active, and we would need to revoke the token as outlined in your approach. An alternative could be us providing a public Let me know what you think. |
If I may join this discussion: To make things worse, we observed, that having "an event listener to respond to failure events*" is not enough in case of the The only reason stopping us from setting up our own issue here is, that we can't clearly point to one problem, but seem to face a combination of a few. (*) assuming you are talking about |
On my end, the public |
Thanks a lot for having a look. If you should run into other issues, let us know and we can work on these. |
For context, I'm using
TokenAuthentication
withLifecycleAwareSessionManager
. The token used is a periodic token provided to the service at install-time.To provide resilience against network blips during the
LifecycleAwareSessionManager
's renewal loop, I've set it to drop the token on error, and configured an event listener to respond to failure events by callingLifecycleAwareSessionManager::getSessionToken
after a delay to restart the renewals.This works well when failures happen during the renewal call. However, if there's a failure in
LifecycleAwareSessionManager::doGetSessionToken
in the try block that surrounds this line:the token wrapper token is never upgraded to a
LoginToken
, which means the token is not considered renewable and the renewal loop will not start. In addition, this failure does not allow the token to be dropped, meaning that any further attempts to trigger a new login will just use the token stored in the wrapper. This token will still work in the short term but because the renewal loop is broken it will eventually quietly expire and break the application.The text was updated successfully, but these errors were encountered: