Closed imjasonh closed 11 months ago
Hey @imjasonh, thanks for sending this! Do you mind just formatting https://github.com/GoogleCloudPlatform/docker-credential-gcr/pull/134/files? I botched the formatting when merging master into this branch and don't have access to fix it. I'll approve and merge after
Thanks for getting back to me. I gofmt'ed the file, let me know if there's anything else you'd like me to do.
This change modifies the auth refresh flow to detect the specific error response that indicates a reauth is required ("invalid_rapt"), and initiates a new browser-based auth flow in that case.
This specific error indicates that a human user's auth is used and that the user's GCP organization requires periodic browser-based auth flows, for example to impose 2FA requirements.
I don't anticipate this error response will be seen using service account credentials, or when a human user's credentials are involved without access to a browser. In either case, the "invalid_rapt" response indicates the user must open a browser to proceed, e.g., using
gcr-login
orgcloud auth login
, so this just automates the initiation of that flow.