Address User-to-server token expiration

[jamesaoverton]

If I have recently logged in to DROID and I go to a project page, e.g. https://droid.ontodev.com/ONTIE, then I can see a list of all branches that I see on GitHub for that project.

If I logged in a few days ago, DROID will still say that I'm logged in, but if I go to a project page then I will only see the local branches. Logging out and then back in fixes the problem.

[lmcmicu]

In the case where you logged in a few days ago, does the branch list update when you hit the Refresh button, or does it not work?

[jamesaoverton]

Sorry, I don't remember. I'll check next time this happens. You can set this issue aside until I do that.

[lmcmicu]

Currently there is a decorator (see https://github.com/ontodev/droid/blob/8e5d88b71e7677a829d655802c444835586ae548/src/droid/html.clj#L2042) around the project-page-rendering function that refreshes the remote branches for a project when it is empty, but not otherwise. One thing we can do in addition, if you like, is to keep track of how long ago a given project's remote branch list was refreshed. Then, when you hit the project page in your browser and it has been more than, say, 1 hour, since the last time the list has been refreshed, we can have DROID refresh it.

[lmcmicu]

FYI we can do this regardless of the answer to my earlier question about the Refresh button. It is only a small change. I've tested it and it seems to work.

[jamesaoverton]

As discussed on our call, this seems to be GitHub App's "User-to-server token expiration" feature. It is currently turned ON for droid.ontodev.com. It was a beta feature at the time of development.

1. We could turn this OFF ("Opt-out")
2. We could update DROID to refresh user tokens automatically

[lmcmicu]

FYI, here is the documentation for this feature (which is still beta): https://docs.github.com/en/enterprise-server@2.22/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens

I'll look into implementing the token renewal.