opentdf / otdfctl

OpenTDF command line interface
BSD 3-Clause Clear License

PKCE Auth token improvement #291

Closed jakedoublev closed 3 months ago

jakedoublev commented 3 months ago

We recently added a PKCE Auth Code flow login resulting in OIDC tokens.

https://github.com/opentdf/otdfctl/blob/main/pkg/handlers/auth.go#L136-L137

We will pass them to the SDK init such as the below:

```go
// token is *oauth2.Token
sdk.WithOAuthAccessTokenSource(oauth2.StaticTokenSource(token))
```

There are two things we should improve.

  1. The result of the library's call oidcCLI.CodeFlow[*oidc.IDTokenClaims] is a decorated struct type and we're pulling the Token field of type *oauth2.Token off it. However, this is missing the Expiry field that the SDK will utilize in the Valid() call downstream.
  2. The Login result does not provide the id or refresh tokens for storage in the auth profile/keyring. We should store those for CLI-initiated refreshes later on.
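
One way to restore the expiry that item 1 describes, as an added example (not code from otdfctl or from the linked PR). It assumes the access token is a JWT carrying an `exp` claim; `token`, `valid`, `expiryFromJWT` and `sampleJWT` are hypothetical names, and `valid` models the oauth2 rule that a zero `Expiry` means the token is reused forever.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// token is a hypothetical stand-in for the oauth2.Token fields that matter here.
type token struct {
	AccessToken string
	Expiry      time.Time
}

// valid treats a zero Expiry as "never expires", so a token stored without it always passes.
func (t token) valid(now time.Time) bool {
	return t.AccessToken != "" && (t.Expiry.IsZero() || now.Before(t.Expiry))
}

// expiryFromJWT reads exp without verifying the signature (fresh IdP response only).
func expiryFromJWT(jwt string) (time.Time, error) {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return time.Time{}, fmt.Errorf("not a compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return time.Time{}, err
	}
	var claims struct{ Exp *int64 `json:"exp"` }
	if err := json.Unmarshal(payload, &claims); err != nil || claims.Exp == nil {
		return time.Time{}, fmt.Errorf("missing or unreadable exp claim")
	}
	return time.Unix(*claims.Exp, 0), nil
}

// sampleJWT builds a constructed, unsigned token carrying the given exp.
func sampleJWT(exp int64) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(fmt.Sprintf(`{"exp":%d}`, exp))) + ".sig"
}

func main() {
	exp, _ := expiryFromJWT(sampleJWT(1700000000)) // constructed exp value
	now := time.Unix(1700003600, 0)                // one hour after exp
	fmt.Println(token{"a", time.Time{}}.valid(now), token{"a", exp}.valid(now))
}
```

With the zero `Expiry` the stale token still passes the check; once `Expiry` is populated from `exp` it is rejected and a refresh can be triggered.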

jakedoublev commented 3 months ago

Resolved by https://github.com/opentdf/otdfctl/pull/296