interactive mode results in an empty refresh_token

[ronaknnathani]

Using interactive mode with kubelogin get-token results in an empty refresh_token. As a result, the user has to log in almost every hour since there's no refresh token available to refresh the access_token. This isn't the case when using devicecode mode.

We are interested in using the interactive mode since it provides a better UX of directly opening the browser to login. However, having to login more frequently than usual is preventing us from using this mode.

Example token file when using interactive mode.

{
  "access_token": "XXXX",
  "refresh_token": "",
  "expires_in": 0,
  "expires_on": 1690245038,
  "not_before": 0,
  "resource": "XXXX",
  "token_type": ""
}

Example token when using devicecode mode

{
  "access_token": "XXXX",
  "refresh_token": "XXXX",
  "expires_in": 4231,
  "expires_on": 1690244755,
  "not_before": 1690240223,
  "resource": "XXXX",
  "token_type": "Bearer"
}

Kubelogin version

✗ kubelogin --version
kubelogin version
git hash: v0.0.31/e5dd8912ed0b6e4a4f0eda8f8cc8012c26d66b6c
Go version: go1.19.10
Build time: 2023-07-19T15:54:57Z
Platform: darwin/arm64

[weinong]

the issue is documented at #62. The cause is the lack of secure local token cache support in msal for go sdk.