Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"pydevd_authorize" request #1829

int19h opened this issue Oct 7, 2019 · 1 comment


Copy link

commented Oct 7, 2019

We currently exchange the authorization tokens in the "initialize" request and response.

However, our most recent design for subprocess debugging implies that, while the TCP connection between the subprocess server and the adapter is established immediately as soon as subprocess starts, "initialize" is not sent by the adapter immediately. Instead, the adapter sends "pydevd_systemInfo" request to the debuggee as soon as connection is established, to determine PID and parent PID, and waits for IDE to request attach to the process. When IDE connects to adapter and requests attach, it sends an "initialize" request to the adapter, and that request is then relayed to the server.

Thus, we need to move the token exchange out of "initialize". We can do this via debugger properties, as mentioned in #1782, but this would require adding "getDebuggerProperty". However, this seems to be better suited for a dedicated request, since when authorization is in place, no other messages can be handled until the tokens are validated. Rather than special-casing one property like that, let's refactor this into a distinct request, in which the server token (if present) is sent as part of the request, and the IDE token (if present) is sent as part of the response.

On pydevd side, this should be very similar to the existing implementation, but instead of special-casing "initialize" in process_net_command_json(), it would special-case "pydevd_authorize". Property names are the same - "debugServerAccessToken" in request, "ideAccessToken" in response.


This comment has been minimized.

Copy link
Contributor Author

commented Oct 7, 2019

On a second thought, we might also want to rename "ideAccessToken". In our most recent design, the token exchange actually occurs between the adapter and the server, not the IDE and the server, so it's confusing. Let's revert it to "clientAccessToken" - this covers both ptvsd (where adapter is involved), and direct connections from an IDE to pydevd, if somebody wants to do that.

fabioz added a commit to fabioz/ptvsd that referenced this issue Oct 9, 2019
fabioz added a commit to fabioz/ptvsd that referenced this issue Oct 10, 2019
fabioz added a commit to fabioz/ptvsd that referenced this issue Oct 10, 2019
@fabioz fabioz closed this in c452d28 Oct 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.