-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Token exchange to get refresh token #123
Conversation
@valtri would be good to test it against EOSC LOT1 AAI before merging |
I'm not sure, how to test the token exchange. This is log when using JupyterHub API through JWT: (it looks like the token exchange is not performed right away?)
But everything seems working OK. Token is refreshed when it is connected interactively to the server launched using JWT:
|
If the user has logged in previously via the UI, the refresh token will be already there, so the code will not be called. We would need either a user without the refresh token for this to work. |
OK, I've tried something ugly like:
And the result:
|
Ok, let's add some debugging |
EOSC AAI decided to return the refresh token in the access token field
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything seems all right and working.
- initial JWT use (after deleting JupyterHub user)
[D 2024-07-18 11:07:52.196 JupyterHub egiauthenticator:112] Refresh token is not available
[D 2024-07-18 11:07:52.196 JupyterHub egiauthenticator:24] Exchanging access token for refresh
[D 2024-07-18 11:07:52.450 JupyterHub egiauthenticator:115] Got refresh token from exchange
...
- second JWT use
[D 2024-07-18 11:08:14.275 JupyterHub egiauthenticator:74] Reusing previously available API token for this JWT
[I 2024-07-18 11:08:14.275 JupyterHub log:191] 200 GET /hub/jwt_login (@10.244.165.69) 3.77ms
[I 2024-07-18 11:08:14.289 JupyterHub log:191] 200 GET /hub/api/user (e37e2773-c993-4cee-aa7e-1944089d9716@eosc-federation.eu@78.128.247.56) 1.89ms
-
usage after all internal tokens cleaned up
-
GUI sign-in
Summary
Performs a token exchange request to get a refresh token whenever this is not yet available for the user.
Related issue :