search

IBM / ibm-cos-sdk-js

ibm-cos-sdk-js
Apache License 2.0
38 stars 19 forks source link

Breaking changes in 1.4.5 - Credentials does not create token #55

Closed dragos-cojocari-ibm closed 4 years ago

dragos-cojocari-ibm commented 5 years ago

Since 1.4.5 the Credentials constructor no longer creates a TokenManager, see https://github.com/IBM/ibm-cos-sdk-js/commit/fc883b50a698b775d41187f3eaad39f67709b93b#diff-a22e85bf86882d390da68a1437c116c8 This results in refreshPromise not creating the token and returning undefined.

With this change all code that provides only APIKeys to the Credentials object stopped working. Is the change intentional/documented?

I believe this issue is the cause for a number of other currently open issues.

paul-carron commented 5 years ago

@dragos-cojocari-ibm can you please send me your config? Please remove any credentials before sending.

dragos-cojocari-ibm commented 5 years ago

@paul-carron we were using the Credentials object directly like this:

const Credentials = require('ibm-cos-sdk').Credentials;

const credential = new Credentials({
   apiKeyId: '123456'
});

refreshPromise().then((token) => {
  console.log(token.accessToken);
});
kellerbr-ibm commented 5 years ago

I don't believe instantiating credentials like that without running a web request should work.

If you want to bypass the object storage calls you could use a Config object instead.

const COS = require('ibm-cos-sdk');

const config = new COS.Config({
    apiKeyId: 'foo'
});

config.getCredentials((err) => {
    if (err) console.log(error);
    console.log(config.credentials);
    console.log(config.credentials.tokenManager.token.accessToken);
});

You could theoretically use the token manager directly but the API is subject to change and not guaranteed to be stable going forward.

const COS = require('ibm-cos-sdk');
const TokenManager = require('ibm-cos-sdk/lib/iam/token_manager');

const tokenManager = new TokenManager({
    apiKeyId: 'foo'
});

tokenManager.refreshToken()
.then(token => console.log(token));

Passing in the API key directly to a new COS.S3({...}) constructor will also work correctly, though the tokens will not be fetched until a request to object storage is started.

paul-carron commented 5 years ago

@dragos-cojocari-ibm did @kellerbr-ibm advice help?

paul-carron commented 4 years ago

@dragos-cojocari-ibm please #close this issue if it is now resolved.

dragos-cojocari-ibm commented 4 years ago

@paul-carron @kellerbr-ibm sorry for the delay.

I don't believe instantiating credentials like that without running a web request should work.

This did work prior to 1.4.5

You could theoretically use the token manager directly but the API is subject to change and not guaranteed to be stable going forward.

This is really the key of the issue. We have been using the COS Sdk for accessing COS ans then we extended its usage to get an IAM token for other services. So if the Token Manager is not to be used directly it would be good to have this clearly documented.

Based on the above the issue could be closed with the recommendation to document the TokenManager as internal.

Thanks.

kellerbr-ibm commented 4 years ago

Yeah, the COS token manager isn't intended to be used outside of the COS SDK itself.

It sounds like you want to take a look at node-sdk-core. It contains standalone authentication functionality for IBM Cloud.

dragos-cojocari-ibm commented 4 years ago

Thanks @kellerbr-ibm Looks like that package is better suited for our needs. I'm closing this issue.