use token to login #1201
use token to login #1201
Conversation
|
I’d recommend calling the environment variable FERMYON_TOKEN. Hippo has no concept of a personal access token at this time. |
rajatjindal
force-pushed
the
use-token
branch
3 times, most recently
from
3106e5e
to
0887fc3
Compare
rajatjindal
force-pushed
the
use-token
branch
2 times, most recently
from
95e8eb8
to
c70ac26
Compare
rajatjindal
force-pushed
the
use-token
branch
from
c70ac26
to
f1b46ef
Compare
rajatjindal
force-pushed
the
use-token
branch
from
f1b46ef
to
fc4bf1b
Compare
|
this is ready for review again @lann @itowlson @bacongobbler, thanks |
rajatjindal
force-pushed
the
use-token
branch
3 times, most recently
from
f0b969b
to
62dd19c
Compare
src/commands/deploy.rs
Outdated
| match &login_connection.expiration { | ||
| Some(expiration) => match DateTime::parse_from_rfc3339(expiration) { | ||
| Ok(time) => Utc::now() > time, | ||
| Err(_) => true, |
There was a problem hiding this comment.
So if I'm reading this correctly, if the expiration date cannot be parsed from the token string, we consider it to be expired.
Should we log an error message about the expiration date failing to be parsed? Shouldn't we inform the user that the token contains an invalid expiration date?
There was a problem hiding this comment.
currently if the token is expired (or it has failed during parsing), we initialize the login process automatically. after adding this log msg, this is how it would look like to user
$) spin deploy
Failed to parse token expiration time 'abc'
Error: premature end of input
Copy your one-time code:
2geg5Xf9
...and open the authorization page in your browser:
https://cloud.fermyon.com/device-authorization
Waiting for device authorization...
does this look ok?
There was a problem hiding this comment.
in a CI scenario, if this were to happen, the step will be stuck forever. should we just exit instead of restarting auth if expiration parsing has failed.
here is what we currently do when token json file is invalid:
$) spin deploy
Error: expected `,` or `}` at line 3 column 3
There was a problem hiding this comment.
I think we should exit when we've read invalid data. There's no guarantee that attempting a second login will give us valid data.
There was a problem hiding this comment.
changed it to print following msg, and exit if parsing of expiration time fails.
spin deploy
Failed to parse token expiration time 'abc'. Error: premature end of input
Run `spin login` to log in again
5a36df8
to
211ddd9
Compare
src/commands/login.rs
Outdated
| }) | ||
| .list_apps() | ||
| .await | ||
| .context("token validation failed")?; |
There was a problem hiding this comment.
Entered a wrong token and this was the result:
$ spin cloud login
Error: token validation failed
Caused by:
There was a problem hiding this comment.
@itowlson earlier suggested:
"Login using the provided token failed. Run spin login or create a new token using the Fermyon Cloud user interface."
does this look ok?
(this will change token validation failed with above message. Caused by: will remain as is because it seems to be coming from anyhow crate)
There was a problem hiding this comment.
this is how it looks like with latest changes:
➜ spin login --token abc
Error: Login using the provided token failed. Run `spin login` or create a new token using the Fermyon Cloud user interface.
Caused by:
Signed-off-by: Rajat Jindal <[email protected]>
|
|
||
| let token_info = TokenInfo { | ||
| token: self.token.clone(), | ||
| expiration: None, |
There was a problem hiding this comment.
is the plan to add expiration details in the future?
There was a problem hiding this comment.
Yes. Eventually personal access tokens can be created with a timed expiration, but it's not part of the MVP. You can still revoke access by deleting the token, however.
|
thank you for the review/approval Michelle (and everyone) |
this is a poc for fermyon/cloud-plugin#103
cc @itowlson @lann