-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for refresh_tokens? #407
Comments
I'm not entirely familiar with what you're referring to. Could you share a link? |
@rbren this is the first I'm hearing of this change, so I appreciate you forwarding that over. Reading that document makes me realize that it seems disorganized on the PagerDuty side, where in that document they talk about adding Anywho, to your question... As of today this package is not involved with the OAuth token negotiation process, and instead expects consumers to do that and pass the token to the client. So I think the initial answer to your question is that there are no plans for that right now, and consumers would need to do that going forward. I think it would be a pretty substantial change to the client to support that, and so I think we'd need to be thoughtful/intentional about it if we do plan to support it. Edit: What I mean by this last paragraph, is it then opens questions about how to manage the lifecycle of things like the |
All good questions! Thanks @theckman. Even just having a function like |
Clients doing their own token negotiation is often the "correct" way given that coordinating token lifecycle is normally outside the scope of the client itself. Maybe providing documented examples leveraging We could also potentially provide some conveniences, e.g.:
Again some things I'd be happy to contribute if it's a direction we think is worth pursuing. One minor detail is that we'll also be rolling out more OIDC functionality so a useful alternative to |
PagerDuty currently uses Oauth2 tokens that need to be acquired and refreshed with some frequency. The current setup only supports static string auth tokens. While uses could do the Oauth2 handling themselves, it'd lead to a quite challenging maneuvering to re-create the PagerDuty client with the new token once the previous expires, which is unnecessary when there are official canned libraries to do that for us. Another option could almost be to just use the oauth2 created Client [1], but the way `prepRequest` works would interfere with it. Fixes PagerDuty#407 1: https://pkg.go.dev/golang.org/x/oauth2#Config.Client
We recently learned that all access_tokens are now expiring after 1 year. Are there plans to support refresh_tokens in this library?
The text was updated successfully, but these errors were encountered: