stackitcloud / stackit-sdk-go

Apache License 2.0

Failed refresh of KeyFlow AccessToken may permanently break refresh #503

Open MichaelEischer opened 3 months ago

MichaelEischer commented 3 months ago

We've run into a problem where apparently the accessToken refresh failed and led to a permanently missing token. That caused requests to fail with undefined response type, status code 401, Body: Jwt is missing.

Judging from the code, the culprit could be in the following lines:

https://github.com/stackitcloud/stackit-sdk-go/blob/7b7757582f9c9ad16fb2fb23e2dbe0694e3413be/core/clients/key_flow.go#L362-L368

If the decoding fails, then the accessToken is empty, which prevents further refresh operations. Ideally, the token should be decoded before the critical section and c.token should only be atomically swapped if it was successfully decoded.

[Edit] After taking another look at the code, the problem was probably already fixed in core v0.10.0. But I still think the decoding error handling can be improved. [/Edit]
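The pattern suggested in the comment above (decode outside the critical section, swap c.token only on success), as an added example that is not part of the issue or the SDK's code. The names tokenResponse, tokenStore, update and accessToken are hypothetical, and the JSON field names and sample bodies are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
	"sync"
)

// tokenResponse and tokenStore are hypothetical names, not the SDK's types.
type tokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}
type tokenStore struct {
	mu    sync.RWMutex
	token tokenResponse
}

// update decodes into a local value first, because a failed Decode can leave
// its target partially written. The lock is taken only for the final swap.
func (s *tokenStore) update(body io.Reader) error {
	var next tokenResponse
	if err := json.NewDecoder(body).Decode(&next); err != nil {
		return fmt.Errorf("decode token response: %w", err) // old token kept
	}
	if next.AccessToken == "" {
		return fmt.Errorf("token response has no access_token") // old token kept
	}
	s.mu.Lock()
	s.token = next
	s.mu.Unlock()
	return nil
}

// accessToken returns the currently stored access token.
func (s *tokenStore) accessToken() string {
	s.mu.RLock()
	defer s.mu.RUnlock()
	return s.token.AccessToken
}

func main() {
	s := &tokenStore{token: tokenResponse{AccessToken: "old-access", RefreshToken: "old-refresh"}}
	// Constructed sample input: a truncated JSON body from a failed refresh.
	err := s.update(strings.NewReader(`{"access_token": "new-acc`))
	fmt.Println(err != nil, s.accessToken())
}
```

With this shape a failed refresh returns an error to the caller and the previous token stays in place, so a later refresh attempt still has credentials to work with.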

GokceGK commented 3 months ago

Hi @MichaelEischer,

Thank you for opening the issue. We highly recommend updating (if possible) to the latest core version v0.12.0, to access all improvements and fixes.

We will verify the decoding and check for possible improvements.

MichaelEischer commented 3 months ago

Thanks, yes the upgrade to the latest core version is already in progress.