Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refresh incorrectly attempted when both static access_token and developer_token are present #147

Closed
sserrata opened this issue Apr 2, 2020 · 3 comments · Fixed by #150
Closed

Refresh incorrectly attempted when both static access_token and developer_token are present #147

sserrata opened this issue Apr 2, 2020 · 3 comments · Fixed by #150
Assignees
@sserrata
Labels
bug Something isn't working

Comments

@sserrata
Copy link
Member

sserrata commented Apr 2, 2020

Describe the bug

When both a static access_token and developer_token are present, a refresh() is incorrectly triggered when the access_token expires.

Expected behavior

Defining a static access_token should take precedence over a developer_token and suppress auto_refresh behavior.

Current behavior

When both a static access_token and developer_token are present, a refresh() is incorrectly triggered when the access_token expires.

Possible solution

The general approach would be to add a check for existence of a static access_token if a developer_token is present. If the access_token exists, the refresh() should be bypassed. The result should then be a 401 authentication error.

Steps to reproduce

  • Export both a PAN_DEVELOPER_TOKEN and PAN_ACCESS_TOKEN
  • Wait for the access_token to expire.
  • Attempt a refresh() and observe the refresh attempt.

Screenshots

Context

Your Environment

  • Version used: alpha8
  • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3):
  • Operating System and version (desktop or mobile):
  • Link to your project:
@sserrata sserrata added the bug Something isn't working label Apr 2, 2020
@sserrata sserrata self-assigned this Apr 2, 2020
@hvt
Copy link
Contributor

hvt commented Apr 3, 2020

Also when providing the access_token as an explicit constructor argument of Credentials (i.e. not extracted from the environment), this takes place.

@sserrata
Copy link
Member Author

sserrata commented Apr 3, 2020

Thanks @hvt , I made note of that behavior as well.

@sserrata
Copy link
Member Author

sserrata commented Apr 3, 2020

Currently, auto_refresh=False is the only supported means to disabling the refresh behavior altogether. Automatically disabling auto_refresh, if a static access_token is passed, will require a bit more refactoring.

For now, I'll issue the fix for bypassing the developer_token refresh if a static access_token is detected and will revisit disabling auto_refresh in the future.

sserrata added a commit to sserrata/pan-cortex-data-lake-python that referenced this issue Apr 3, 2020
@sserrata
Check if static access_token exists before developer token refresh, f…
00b7921 
…ixes PaloAltoNetworks#147
@sserrata sserrata mentioned this issue Apr 3, 2020
Merged
4 tasks
sserrata added a commit that referenced this issue Apr 3, 2020
@sserrata
Alpha9 (#150)
d3709b3 
* Update clientType and clientVersion, fixes #149

* Reduce number of times json() property is called, fixes #148

* Check if static access_token exists before developer token refresh, fixes #147

* Bump version to alpha9
@sserrata sserrata mentioned this issue Apr 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sserrata sserrata

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Alpha9 sserrata/pan-cortex-data-lake-python
2 participants
@hvt @sserrata