From f2b66a3799a090155f6f9052d362735bb87cfdf9 Mon Sep 17 00:00:00 2001 From: Jon Novak Date: Tue, 11 Jul 2023 15:38:20 -0500 Subject: [PATCH 1/3] Fix auto refresh token code: fix client_id missing fix client_secret missing log the call has been retried --- ansys/rep/client/client.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/ansys/rep/client/client.py b/ansys/rep/client/client.py index 16e0ce573..2459597e9 100644 --- a/ansys/rep/client/client.py +++ b/ansys/rep/client/client.py @@ -143,12 +143,13 @@ def _auto_refresh_token(self, response, *args, **kwargs): response.status_code == 401 and self._unauthorized_num_retry < self._unauthorized_max_retry ): - log.info(f"401 authorization error: trying to get a new access token.") + log.info(f"401 authorization error: Trying to get a new access token.") self._unauthorized_num_retry += 1 self.refresh_access_token() response.request.headers.update( {"Authorization": self.session.headers["Authorization"]} ) + log.debug(f"Retrying request with updated access token.") return self.session.send(response.request) self._unauthorized_num_retry = 0 @@ -157,19 +158,27 @@ def _auto_refresh_token(self, response, *args, **kwargs): def refresh_access_token(self): """Request a new access token""" if self.grant_type == "client_credentials": + # Its not reccommended to give refresh tokens to client_credentials grant types + # as per OAuth 2.0 RFC6749 Section 4.4.3, so handle these specially... tokens = authenticate( url=self.auth_url or self.rep_url, + realm=self.realm, client_id=self.client_id, client_secret=self.client_secret, grant_type=self.grant_type, ) else: + # Other workflows for authentication generally support refresh_tokens tokens = authenticate( url=self.auth_url or self.rep_url, - refresh_token=self.refresh_token, - username=self.username, + realm=self.realm, grant_type="refresh_token", + scope=self.scope, + client_id=self.client_id, + client_secret=self.client_secret, + username=self.username, + refresh_token=self.refresh_token ) self.access_token = tokens["access_token"] self.refresh_token = tokens.get("refresh_token", None) - self.session.headers.update({"Authorization": "Bearer %s" % tokens["access_token"]}) + self.session.headers.update({"Authorization": "Bearer %s" % tokens["access_token"]}) \ No newline at end of file From 74514cea0c53074315195e0efe3a61cf346a20f2 Mon Sep 17 00:00:00 2001 From: Jon Novak Date: Tue, 11 Jul 2023 15:40:03 -0500 Subject: [PATCH 2/3] pass more options to authenticate --- ansys/rep/client/client.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ansys/rep/client/client.py b/ansys/rep/client/client.py index 2459597e9..213d6ea13 100644 --- a/ansys/rep/client/client.py +++ b/ansys/rep/client/client.py @@ -163,9 +163,10 @@ def refresh_access_token(self): tokens = authenticate( url=self.auth_url or self.rep_url, realm=self.realm, + grant_type="client_credentials", + scope=self.scope, client_id=self.client_id, - client_secret=self.client_secret, - grant_type=self.grant_type, + client_secret=self.client_secret ) else: # Other workflows for authentication generally support refresh_tokens @@ -177,7 +178,7 @@ def refresh_access_token(self): client_id=self.client_id, client_secret=self.client_secret, username=self.username, - refresh_token=self.refresh_token + refresh_token=self.refresh_token ) self.access_token = tokens["access_token"] self.refresh_token = tokens.get("refresh_token", None) From 328c8c04453a2fdecb7e5221ba79b37b75ace699 Mon Sep 17 00:00:00 2001 From: Jon Novak Date: Tue, 11 Jul 2023 16:08:11 -0500 Subject: [PATCH 3/3] Local fixes for pre-commit --- ansys/rep/client/client.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansys/rep/client/client.py b/ansys/rep/client/client.py index 213d6ea13..caab36c06 100644 --- a/ansys/rep/client/client.py +++ b/ansys/rep/client/client.py @@ -158,7 +158,7 @@ def _auto_refresh_token(self, response, *args, **kwargs): def refresh_access_token(self): """Request a new access token""" if self.grant_type == "client_credentials": - # Its not reccommended to give refresh tokens to client_credentials grant types + # Its not recommended to give refresh tokens to client_credentials grant types # as per OAuth 2.0 RFC6749 Section 4.4.3, so handle these specially... tokens = authenticate( url=self.auth_url or self.rep_url, @@ -166,7 +166,7 @@ def refresh_access_token(self): grant_type="client_credentials", scope=self.scope, client_id=self.client_id, - client_secret=self.client_secret + client_secret=self.client_secret, ) else: # Other workflows for authentication generally support refresh_tokens @@ -178,8 +178,8 @@ def refresh_access_token(self): client_id=self.client_id, client_secret=self.client_secret, username=self.username, - refresh_token=self.refresh_token + refresh_token=self.refresh_token, ) self.access_token = tokens["access_token"] self.refresh_token = tokens.get("refresh_token", None) - self.session.headers.update({"Authorization": "Bearer %s" % tokens["access_token"]}) \ No newline at end of file + self.session.headers.update({"Authorization": "Bearer %s" % tokens["access_token"]})