search

microsoft / ado-npm-auth

This package can automatically use the azureauth CLI to fetch tokens and update a user's .npmrc file for authenticating to Azure DevOps npm feeds.
MIT License
9 stars 7 forks source link

Fail faster in `checkTokens` #17

Open jonchurch opened 4 months ago

jonchurch commented 4 months ago

Currently the code to check tokens will return false if any of the tokens we detect fail the network request.

But we are still doing sequential network calls to check that.

This PR goes full fail fast via Promise.all and returns false if we reject

Is it faster? For most people, prolly not ¯\_(ツ)_/¯ but if a user has several tokens (like I do) but only the last of 10 is bad, it should give us a faster result.

jonchurch commented 4 months ago

Edit: blegh, I haven't been able to find a way to parse the token expiry. I thought I'd done this in the past, the same way you can with a JWT, but Im not finding satisfaction this time.

I stand by this change, but interestingly we may also be able to parse the token to check its expiry, so we can fail even faster w/o a network request.

We'd still want to verify via network, but if we can fail even faster on good confidence the network request won't work bc token expiration, then that's awesome.

jonchurch commented 4 months ago

Requested changes have been made!

The token parsing to check expiry locally isn't possible rn from what I have seen.