Refresh incorrectly attempted when both static access_token and developer_token are present

[sserrata]

Describe the bug

When both a static access_token and developer_token are present, a refresh() is incorrectly triggered when the access_token expires.

Expected behavior

Defining a static access_token should take precedence over a developer_token and suppress auto_refresh behavior.

Current behavior

When both a static access_token and developer_token are present, a refresh() is incorrectly triggered when the access_token expires.

Possible solution

The general approach would be to add a check for existence of a static access_token if a developer_token is present. If the access_token exists, the refresh() should be bypassed. The result should then be a 401 authentication error.

Steps to reproduce

• Export both a PAN_DEVELOPER_TOKEN and PAN_ACCESS_TOKEN
• Wait for the access_token to expire.
• Attempt a refresh() and observe the refresh attempt.

Screenshots

Context

Your Environment

• Version used: alpha8
• Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3):
• Operating System and version (desktop or mobile):
• Link to your project:

[hvt]

Also when providing the access_token as an explicit constructor argument of Credentials (i.e. not extracted from the environment), this takes place.

[sserrata]

Thanks @hvt , I made note of that behavior as well.

[sserrata]

Currently, auto_refresh=False is the only supported means to disabling the refresh behavior altogether. Automatically disabling auto_refresh, if a static access_token is passed, will require a bit more refactoring.

For now, I'll issue the fix for bypassing the developer_token refresh if a static access_token is detected and will revisit disabling auto_refresh in the future.