The issue, as I recall, was if you provide a refresh token to the builder you can get into a situation where the initial request to get an access token also triggers the refresh token to be rotated. I don't think this was properly handled in requests-auth, and we ended up with an out of date refresh token.
This became a problem recently where requests_auth was updated from 7 to 8, which broke this package.
We should review the current behavior to see if this is still an issue. If it is, we should see if we can get this functionality contributed to the requests_auth package.
💡 Steps for implementing the feature
Check if we still need to use the non-public methods
If yes, contribute an alternative approach upstream
📝 Description of the feature
Split from #639
We currently use non-public methods within
requests_authto work around some OIDC issues, specifically (quoting from https://github.com/ansys/openapi-common/issues/639#issuecomment-2293374116):This became a problem recently where
requests_authwas updated from 7 to 8, which broke this package.We should review the current behavior to see if this is still an issue. If it is, we should see if we can get this functionality contributed to the
requests_authpackage.💡 Steps for implementing the feature
🔗 Useful links and references
https://github.com/Colin-b/requests_auth