zazuko / data-cube-curation

MIT License
1 stars 0 forks source link

Authenticate API calls in CLI #294

Closed sandhose closed 4 years ago

sandhose commented 4 years ago

This makes the CLI authenticate using the client_credentials grant.

This adds 4 flags, to specify the IdP, the client id/secret as well as arbitrary params added to the token request. This is useful when working with providers like Auth0, who need additional params to get proper JWT tokens

Because the access token can be short-lived (5min by default on Keycloak), I needed to have a renew mechanism. It is based on setInterval, because the Hydra.defaultHeaders method isn't async (maybe that could be a thing @tpluscode?)

Not sure how I'm supposed to test a pipeline, but locally I was able to run it without having 401 errors popping in the logs

sandhose commented 4 years ago

So the code can be simplified when defaultHeaders is improved to allow an async function?

Just a bit: instead of periodically renewing, I could renew if needed on each request