Open lucymhdavies opened 6 months ago
https://stackoverflow.com/a/29005151 actually suggests that it's the http client which is handling the renewal.
this won't be present in the plugin, so we'll need to implement the refresh logic
An example plugin which has a PeriodicFunction https://github.com/monzo/vault-plugin-database-k8s-controller/blob/1263d9be21520fd2f7ddce6ad87fbff100f7583a/backend.go#L135
(though it's unclear how often this runs)
the oauth plugin has this refresh function we can take inspiration from https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/blob/main/pkg/provider/basic.go#L150-L176
with the caveat, i think, that we must include those specific files under Apache2 https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/tree/main?tab=Apache-2.0-1-ov-file#readme
perhaps: https://stackoverflow.com/questions/28685033/how-to-handle-refresh-tokens-in-golang-oauth2-client-lib