Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an expiry time on server-to-server tokens #11262

Merged
merged 4 commits into from
May 12, 2022
Merged

Conversation

freben
Copy link
Member

@freben freben commented May 3, 2022

ServerTokenManagerOptions may seem excessive - it's there because I started out adding like issuer and expiry in there, but backtracked. I don't mind having it though for consistency and when we maybe expand on it later.

@freben freben requested a review from a team as a code owner May 3, 2022 15:38
@github-actions
Copy link
Contributor

github-actions bot commented May 3, 2022

Changed Packages

Package Name Package Path Changeset Bump Current Version
@backstage/backend-common packages/backend-common patch v0.13.3-next.1

freben added 2 commits May 4, 2022 15:26
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
@freben freben force-pushed the freben/server-token-exp branch from ebb6d91 to 4874ebc Compare May 4, 2022 13:26
Copy link
Member

@benjdlambert benjdlambert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some comments, but yay! 🎉

.changeset/olive-eggs-accept.md Outdated Show resolved Hide resolved
return this.currentTokenPromise;
}

const result = Promise.resolve().then(async () => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this Promise.resolve wrapping needed? Can we do it with new Promise()? Or is it because of the timing?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah not actually strictly needed - just makes sure that the actual "hot" function in the then gets called on the next tick, out of band, after this method has returned. This was to ensure that it would never accidentally overwrite the promise member with undefined before it was even written in the first place. But then I refractored to have the then/catch separate at the bottom anyway, rendering the initial exercise a bit moot. But still, it ensures a potentially quicker return to the caller. 🤷

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just skipping the await at this point would be enough right?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not quite the same thing. I still prefer this way of doing it because

  • it reads well to me at least (VERY clearly defers the action) since it does the assignment to a member below and i wanted it to be crystal clear that it'll then for sure also be set to undefined in the right order upon failure
  • it makes sure that any work that might be sync in sign() will be happening inside the promise chain, so that exceptions are caught and handled for sure down at the bottom, not bubbling up and out already here
  • and for the same reason as above, any heavy work for sure happens out of band

but i think you are right though that a skipped await on sign() might have basically the same effect in practice in this instance

packages/backend-common/src/tokens/ServerTokenManager.ts Outdated Show resolved Hide resolved
return this.currentTokenPromise;
}

const result = Promise.resolve().then(async () => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just skipping the await at this point would be enough right?

packages/backend-common/src/tokens/ServerTokenManager.ts Outdated Show resolved Hide resolved
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
Copy link
Member

@Rugvip Rugvip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, let's :shipit: 😁

@freben freben merged commit 4bc7493 into master May 12, 2022
@freben freben deleted the freben/server-token-exp branch May 12, 2022 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants