Don't nullify token before refresh #219
Conversation
Avoids issuing requests lacking the Authorization header until a new token is fetched
|
Unfortunately, this fix isn't going to work. Using a normal It may be more fruitful to add a flag that can be passed into Are you interested in making that fix? |
Keep on using self.post instead of requests.post
|
I must confess I haven't given much thought to the bigger picture. I think I've updated my branch accordingly. Is this what you meant ? |
|
Yup, that's a lot closer! The name isn't great though: let's call it |
|
Flag renamed. |
| @@ -289,7 +287,7 @@ def refresh_token(self, token_url, refresh_token=None, body='', auth=None, | |||
| } | |||
|
|
|||
| r = self.post(token_url, data=dict(urldecode(body)), auth=auth, | |||
| timeout=timeout, headers=headers, verify=verify) | |||
| timeout=timeout, headers=headers, verify=verify, withhold_token=True) | |||
There was a problem hiding this comment.
Can we fix up the indenting here? You'll probably need to move withold_token to the next line to make everything fit an appropriate line length.
|
Fantastic, thanks! One small style nit and we're good to go! |
|
I've matched indenting to the way it looked in the fetch_token method (lines 212 and 218). Should I fix these lines too ? |
|
@dsanader Ah, good spot. Let's leave it then. Thanks! ✨ 🍰 ✨ |
Don't nullify token before refresh
|
Cool! Thanks for you quick and kind review. Cheers. |
Hello,
I'm using an OAuth2Session object, with the token autorefresh feature, inside a library. This involves some level of concurrent requests.
I've noticed that some requests were issued without the Authorization header. This was happening around the refresh requests. I've tracked it to the fact that the token was nullified inside the refresh_token method, causing my OAuth2Session instance to lack a token for a short period of time (until a new one is fetched).
The attached changes fixed the issue for me (no token reset, and issue a regular requests.post instead of using the class equivalent). That way the token is simply replaced.
Regards.