-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Retry unauthorized HTTP request with a renewed JWT token #1586
Retry unauthorized HTTP request with a renewed JWT token #1586
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The try_get_internal_id
function also needs to be updated with this retry logic.
@@ -621,6 +632,18 @@ mod tests { | |||
let config_file = create_test_config_file_with_content(config_content)?; | |||
|
|||
// Mock endpoint for config upload event creation | |||
// Fake an expired JWT token by rejecting the first config upload request |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't it better to have a dedicated test for this retry feature?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that I have been a bit lazy here ;-) Will see if I find some time for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added with 73d114f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good.
Moving forward we probably need a more generic retry handler to also handle failed requests due to network interruptions etc. But it is not for this ticket's scope as there would be additional aspects like backing off before retrying etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Deleted duplicate post)
Done with 626d934 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Neat trick using a fresh connection for every token request. The fix wasn't obvious to me on a first look, as I was searching for the logic that iterates over the message stream for the most recent token.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One of the checks is failing due to a fixup!
commit, so just so we following the correct process could you please squash the changes to remove the fixup!
commit?
I found no crystal clear way to get the most recent token. The main issue is that consuming messages from a subscription there is no way to know that we have read all the available messages. |
Sure, I will |
Ok, thanks for the clarification. Approved |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
73d114f
to
2a006f8
Compare
This may have been an option: https://docs.rs/futures/0.3.25/futures/future/trait.FutureExt.html#method.now_or_never by repeatedly calling it until it returns |
Thanks for the hint. Indeed this might be useful. However, in that specific case, complexity arises due to a race condition between this call and the reception of a token. One might get |
Signed-off-by: Didier Wenzek didier.wenzek@free.fr
Proposed changes
Address the two root causes of Unauthorized request:i
Do this only once, since there is no point to get yet another fresh token if rejected twice in a row.
For the first point, the alternative is to keep the MQTT connection open and to have a background task that consumes all the JWT token - requested by the process or not, and to cache the latest one. However, this alternative introduces more complexity and opening an MQTT connection before each HTTP request should not be a performance issue for the current use-cases.
Types of changes
Paste Link to the issue
See #1562
Checklist
cargo fmt
as mentioned in CODING_GUIDELINEScargo clippy
as mentioned in CODING_GUIDELINESFurther comments