When configuring a OAuth2 client using the client_secret_file configuration option, the original intent of the code was to not forcefully refetch a token if the content of the file didn't change.
However, both the test and the implementation had 2 typos and a new token token was fetched on every request through the HTTP client:
The code was always keeping track of the very first secret configured ; in the case of a secret coming from a file, the secret kept in the state was always empty and would never match the content of the file (except if the file contains nothing, in which case the authentication couldn't proceed anyway).
The test for this feature was using an inline secret which was never changing, instead of the intended secret file. Thus, as the secret was never changed, the token endpoint was never called.
I extracted the secret variable from the tests to make it, hopefully, a bit clearer to see it's actual type.
When configuring a OAuth2 client using the
client_secret_file
configuration option, the original intent of the code was to not forcefully refetch a token if the content of the file didn't change.However, both the test and the implementation had 2 typos and a new token token was fetched on every request through the HTTP client:
secret
configured ; in the case of a secret coming from a file, the secret kept in the state was always empty and would never match the content of the file (except if the file contains nothing, in which case the authentication couldn't proceed anyway).I extracted the secret variable from the tests to make it, hopefully, a bit clearer to see it's actual type.