ryabrody
commented
2 years ago I am closing this as the issue was not in lhc the issue was in the consuming app.
In some apps we configure the refresh_client_token as following:
LHC::Auth.refresh_client_token = proc do
DummyAuthentication.access_token(refresh: true)
DummyAuthentication::AnyOtherProvider.access_token(refresh: true)
endThis will NOT work. The return value of that config will be used as the new refreshed token.
In that case it would always be the token for AnyOtherProvider. The response of those requests are then: LHC::Unauthorized - Authorization token invalid.
If the app uses more than one provider please configure the refresh_client_token on the provider or on the request call itself:
class AnyOtherProvider < LHS::Record
provider(
auth: {
bearer: -> { DummyAuthentication::AnyOtherProvider.access_token },
refresh_client_token: -> { DummyAuthentication::AnyOtherProvider.access_token(refresh: true) }
},
...```
As soon as more then one
refresh_client_tokenwere added to the proc:LHC runs into
LHC::Unauthorized - Authorization token invalid.errors as soon as we used more than one refresh. The problem is that LHC uses the return value of that proc as the new token and adds that to the Authentication Header as the bearer token. This works fine when the proc only includes one refresh token but as soon as there are more then one just the last one is taken for all request.This PR changes this and does not use the refresh_client_token in the authentication header it instead updates the bearer token form the auth_options and adds then that updated token to the request header.
Major changes => auth: bearer: needs to be a proc! that reathenticatio works => refresh_token is not used anymore as the refresh token. Now the auth bearer token needs to get updated when the refresh_token proc is called.