Skip to content

Add automatic access token rotation for workspace apps #347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
RodneyU215 merged 21 commits into from
Sep 12, 2018
Merged

Add automatic access token rotation for workspace apps #347

RodneyU215 merged 21 commits into from
Sep 12, 2018

Conversation

@Roach
Copy link
Contributor

@Roach Roach commented Sep 5, 2018

Summary

With workspace apps comes the ability to use short-lived, expiring, tokens. This patch adds the ability for the client to automatically refresh access tokens after expiration and call your app's refresh callback to update said tokens in your app's datastore.

More info: https://api.slack.com/changelog/2018-08-workspace-token-rotation

Docs are still in progress.

Requirements (place an x in each [ ])

Roach added 4 commits August 27, 2018 23:51
@Roach
WIP Token Rotation
99f4d6f
@Roach
Added update callback to update client’s tokens internally
625cdb2 
Added token refresh method, automatic refresh on invalid_auth
Added expires_at to requester object to store token TTL
updated rtm_connect to check for token type
split HTTP request helper into builder and submitter methods
fixed token expiration ts, moved rtm_connect token type check into client
Added tests
@Roach
Fixed SSL error in tests
ab800a9
@Roach
Merge branch 'master' into roach/automatic-token-rotation
3026372
@Roach Roach self-assigned this Sep 5, 2018
aoberoi
aoberoi suggested changes Sep 6, 2018
View reviewed changes
Copy link
Contributor

@aoberoi aoberoi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't get a chance to look through the tests just yet. But I think there are enough comments here that the implementation might change significantly, so I didn't think it would be worth reviewing them just yet.

Roach added 3 commits September 5, 2018 18:33
@Roach
Fix timestamp creation
a405536
@Roach
Removed unneeded kwargs
4e4c6e2
@Roach
Renamed make_http_request back to do.
84350a4 
Removed unused token attribute
Added enterprise_id to token updater (commented out)
@codecov
Copy link

codecov bot commented Sep 6, 2018
edited
Loading

Codecov Report

Merging #347 into master will increase coverage by 1.97%.
The diff coverage is 84.88%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #347      +/-   ##
==========================================
+ Coverage    74.4%   76.38%   +1.97%     
==========================================
  Files          10       10              
  Lines         379      415      +36     
  Branches       67       74       +7     
==========================================
+ Hits          282      317      +35     
+ Misses         88       87       -1     
- Partials        9       11       +2
Impacted Files Coverage Δ
slackclient/slackrequest.py 100% <100%> (ø) ⬆️
slackclient/exceptions.py 54.54% <100%> (+4.54%) ⬆️
slackclient/client.py 66.66% <81.63%> (+14.2%) ⬆️
slackclient/server.py 84.09% <82.6%> (-1.71%) ⬇️
slackclient/channel.py 100% <0%> (+23.8%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 05dacba...5d99132. Read the comment docs.

jeffomatic
jeffomatic reviewed Sep 6, 2018
View reviewed changes
aoberoi
aoberoi suggested changes Sep 9, 2018
View reviewed changes
aoberoi
aoberoi suggested changes Sep 10, 2018
View reviewed changes
@aoberoi
Copy link
Contributor

aoberoi commented Sep 10, 2018

my review from the last 2 days is complete and up to date with all the latest code changes. the only unresolved issue from the previous reviews is this one: #347 (comment)

@CLAassistant
Copy link

CLAassistant commented Sep 11, 2018
edited
Loading

CLA assistant check
All committers have signed the CLA.

aoberoi
aoberoi suggested changes Sep 11, 2018
View reviewed changes
slackclient/server.py Outdated
self.reconnect_count = 0

reply = self.api_requester.do(self.token, connect_method, timeout=timeout, post_data=kwargs)
reply = self.api_requester.do(self.token, connect_method, kwargs)
Copy link
Contributor

@aoberoi aoberoi Sep 11, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please put the timeout argument back in and name the post_data argument.

@RodneyU215 RodneyU215 merged commit 0d3677a into master Sep 12, 2018
lavabyrd pushed a commit that referenced this pull request Apr 25, 2019
@Roach @RodneyU215
Add automatic access token rotation for workspace apps (#347)
1439675
@RodneyU215 RodneyU215 deleted the roach/automatic-token-rotation branch May 7, 2019 20:32
c-goosen pushed a commit to c-goosen/python-slackclient that referenced this pull request Jun 18, 2019
Add automatic access token rotation for workspace apps (slackapi#347)
655895c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

3 more reviewers

@jeffomatic jeffomatic jeffomatic left review comments

@RodneyU215 RodneyU215 RodneyU215 left review comments

@aoberoi aoberoi aoberoi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Roach Roach

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Roach @aoberoi @CLAassistant @jeffomatic @RodneyU215