This PR updates the preview feature "re-auth" significantly. The changes allow for catering to a wider range of use cases including simple password rotation.
ExpirationBasedTokenManager was renamed to BearerTokenManager for handling potentially expiring auth information:
func ExampleBearerTokenManager() {
fetchAuthTokenFromMyProvider := func(ctx context.Context) (neo4j.AuthToken, *time.Time, error) {
// some way of getting a token
token, err := getSsoToken(ctx)
if err != nil {
return neo4j.AuthToken{}, nil, err
}
// assume we know our tokens expire every 60 seconds
expiresIn := time.Now().Add(60 * time.Second)
// Include a little buffer so that we fetch a new token *before* the old one expires
expiresIn = expiresIn.Add(-10 * time.Second)
// or return nil instead of `&expiresIn` if we don't expect it to expire
return token, &expiresIn, nil
}
// create a new driver with a bearer token manager which uses provider to handle possibly expiring auth tokens.
_, _ = neo4j.NewDriverWithContext(getUrl(), auth.BearerTokenManager(fetchAuthTokenFromMyProvider))
}
A BasicTokenManager token manager was added to handle password rotation:
func ExampleBasicTokenManager() {
fetchBasicAuthToken := func(ctx context.Context) (neo4j.AuthToken, error) {
// some way of getting basic authentication information
username, password, realm, err := getBasicAuth()
if err != nil {
return neo4j.AuthToken{}, err
}
// create and return a basic authentication token with provided username, password and realm
return neo4j.BasicAuth(username, password, realm), nil
}
// create a new driver with a basic token manager which uses provider to handle basic auth password rotation.
_, _ = neo4j.NewDriverWithContext(getUrl(), auth.BasicTokenManager(fetchBasicAuthToken))
}
This PR updates the preview feature "re-auth" significantly. The changes allow for catering to a wider range of use cases including simple password rotation.
ExpirationBasedTokenManager
was renamed toBearerTokenManager
for handling potentially expiring auth information:A
BasicTokenManager
token manager was added to handle password rotation: