From f8d276041fa16e4a51f1959521ca003cd1e46e09 Mon Sep 17 00:00:00 2001 From: Moses Mendoza Date: Sat, 24 Jul 2021 21:18:30 -0700 Subject: [PATCH 1/2] Use token method to manage timeout The access_token reader doesn't manage the token, just takes the existing token (which can expire). Use the token method as defined on parent class JwtTokenManager which accesses the same information but also renews the token if it is expired or requests a new token if not present. Signed-off-by: Moses Mendoza --- lib/ibm_cloud_sdk_core/authenticators/cp4d_authenticator.rb | 2 +- lib/ibm_cloud_sdk_core/authenticators/iam_authenticator.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ibm_cloud_sdk_core/authenticators/cp4d_authenticator.rb b/lib/ibm_cloud_sdk_core/authenticators/cp4d_authenticator.rb index 09ca7e1..f7b6ac9 100644 --- a/lib/ibm_cloud_sdk_core/authenticators/cp4d_authenticator.rb +++ b/lib/ibm_cloud_sdk_core/authenticators/cp4d_authenticator.rb @@ -34,7 +34,7 @@ def initialize(vars) # Adds the Authorization header, if possible def authenticate(headers) - headers["Authorization"] = "Bearer #{@token_manager.access_token}" + headers["Authorization"] = "Bearer #{@token_manager.token}" end # Checks if all the inputs needed are present diff --git a/lib/ibm_cloud_sdk_core/authenticators/iam_authenticator.rb b/lib/ibm_cloud_sdk_core/authenticators/iam_authenticator.rb index 2e5d12d..d6fbf0a 100644 --- a/lib/ibm_cloud_sdk_core/authenticators/iam_authenticator.rb +++ b/lib/ibm_cloud_sdk_core/authenticators/iam_authenticator.rb @@ -35,7 +35,7 @@ def initialize(vars) end def authenticate(headers) - headers["Authorization"] = "Bearer #{@token_manager.access_token}" + headers["Authorization"] = "Bearer #{@token_manager.token}" end def validate From 9aa80c5576e2c5042e80c2f30b2a62902c18267c Mon Sep 17 00:00:00 2001 From: Moses Mendoza Date: Sun, 25 Jul 2021 14:39:36 -0700 Subject: [PATCH 2/2] Correct use of iat and exp? According to the spec, iat (issued at time) identifies the time at which the JWT was issued while exp "identifies the expiration time on or after which the token MUST NOT be accepted for processing". The specs in test_iam_token_manager appear to reverse these? I could be wrong but putting in here to set up for the next test. Signed-off-by: Moses Mendoza --- test/unit/test_iam_token_manager.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/unit/test_iam_token_manager.rb b/test/unit/test_iam_token_manager.rb index 650e7b8..34a84ec 100644 --- a/test/unit/test_iam_token_manager.rb +++ b/test/unit/test_iam_token_manager.rb @@ -16,8 +16,8 @@ def test_request_token "iss": "sss", "aud": "sss", "uid": "sss", - "iat": Time.now.to_i + 3600, - "exp": Time.now.to_i + "iat": Time.now.to_i, + "exp": Time.now.to_i + 3600 } token = JWT.encode token_layout, "secret", "HS256" response = { @@ -108,8 +108,8 @@ def test_get_token "iss" => "sss", "aud" => "sss", "uid" => "sss", - "iat" => 3600, - "exp" => Time.now.to_i + "iat" => Time.now.to_i, + "exp" => Time.now.to_i + 3600 } access_token = JWT.encode(access_token_layout, "secret", "HS256", "kid": "230498151c214b788dd97f22b85410a5")