Fix #1059 by adding the token rotation feature support #1060
Codecov Report
@@ Coverage Diff @@
## main #1060 +/- ##
==========================================
- Coverage 84.33% 84.14% -0.20%
==========================================
Files 95 99 +4
Lines 8938 9239 +301
==========================================
+ Hits 7538 7774 +236
- Misses 1400 1465 +65
e9703c9 to 383bab4
comments for reviews or future reference
@@ -116,7 +116,7 @@ async def oauth_callback(req: Request): | |||
body=html, | |||
) | |||
|
|||
error = req.args["error"] if "error" in req.args else "" | |||
error = req.args.get("error") if "error" in req.args else "" |
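Review bot: In the replacement line of `oauth_callback`, the `if "error" in req.args else ""` guard repeats what `get` already does when given a default. `error = req.args.get("error", "")` covers the missing-key case in one call and drops the second lookup.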
req.args["error"] returns an array in Sanic's latest version.
is_enterprise_install=is_enterprise_install, | ||
) | ||
if installation is not None: | ||
updated_installation = token_rotator.perform_token_rotation( |
Bolt for Python internally uses this TokenRotator in authorize middleware. Bolt users do not need to directly use this.
|
||
raw_body = request.data.decode("utf-8") | ||
body = parse_body(body=raw_body, content_type=extract_content_type(request.headers)) | ||
rotate_tokens( |
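Review bot: The `rotate_tokens(` call placed right after `parse_body` runs on every incoming request, and nothing in the code says why. An inline comment stating that this is done for easy testing would keep readers from copying it without knowing the intent.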
Run the rotation for all incoming requests for easy testing
bot_refresh_token=oauth_response.get("refresh_token"), | ||
bot_token_expires_in=oauth_response.get("expires_in"), |
newly added
user_refresh_token=installer.get("refresh_token"), | ||
user_token_expires_in=installer.get("expires_in"), |
newly added
self, | ||
*, | ||
installation: Installation, | ||
minutes_before_expiration: int = 120, # 2 hours by default |
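Review bot: `minutes_before_expiration: int = 120` is explained only by the trailing `# 2 hours by default` comment. A docstring entry saying what the window is measured against, and how zero or negative values are treated, would make the keyword-only parameter usable without reading the method body.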
aligned with bolt-js
code: str, | ||
# This field is required when processing the OAuth redirect URL requests | ||
# while it's absent for token rotation | ||
code: Optional[str] = None, |
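Review bot: With `code: Optional[str] = None`, a caller handling the OAuth redirect can omit `code` without any signature-level error, although the added comment says the field is required there. Consider validating at call time that `code` is present unless the token rotation arguments are given, or at least documenting which arguments must accompany a call without `code`.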
Now code is optional
# find bots | ||
bot = store.find_bot(enterprise_id="E111", team_id="T111") | ||
self.assertIsNotNone(bot) | ||
self.assertEqual(bot.bot_refresh_token, "xoxe-1-refreshed") |
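Review bot: The assertions shown after `store.find_bot(...)` check only `bot_refresh_token`. Asserting the bot access token and the expiry value as well would catch a store that persists the new refresh token but keeps the old access token.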
This test verifies if the find_bot call returns the refreshed token
bot_refresh_token="xoxe-1-initial", | ||
bot_token_expires_in=43200, | ||
) | ||
refreshed = self.token_rotator.perform_token_rotation( |
If the perform_token_rotation method returns new installation data, your app needs to call InstallationStore#save(installation) to save the new values.
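The rotate-then-save pattern described in the comment above, as an added sketch that is not code from this pull request or from the SDK. `Installation`, `InMemoryStore`, `rotate_if_expiring`, `authorize` and `fake_refresh` are hypothetical stand-ins, and the token values are constructed.

```python
import time
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional

@dataclass(frozen=True)
class Installation:  # hypothetical stand-in, not the SDK's Installation class
    team_id: str
    bot_token: str
    bot_refresh_token: str
    bot_token_expires_at: int  # absolute expiry, epoch seconds

class InMemoryStore:  # hypothetical stand-in for an installation store
    def __init__(self) -> None:
        self.rows: Dict[str, Installation] = {}

    def save(self, installation: Installation) -> None:
        self.rows[installation.team_id] = installation

    def find(self, team_id: str) -> Optional[Installation]:
        return self.rows.get(team_id)

def rotate_if_expiring(inst: Installation, refresh: Callable[[str], dict],
                       minutes_before_expiration: int = 120,
                       now: Optional[int] = None) -> Optional[Installation]:
    """Return a refreshed copy if the token expires within the window, else None."""
    now = int(time.time()) if now is None else now
    if inst.bot_token_expires_at - now > minutes_before_expiration * 60:
        return None  # still fresh: no refresh call, nothing to save
    resp = refresh(inst.bot_refresh_token)
    return replace(inst, bot_token=resp["access_token"],
                   bot_refresh_token=resp["refresh_token"],
                   bot_token_expires_at=now + int(resp["expires_in"]))

def authorize(store: InMemoryStore, team_id: str, refresh: Callable[[str], dict],
              now: Optional[int] = None) -> Optional[Installation]:
    inst = store.find(team_id)
    if inst is None:
        return None
    rotated = rotate_if_expiring(inst, refresh, now=now)
    if rotated is not None:
        store.save(rotated)  # persist first, or the next request loads stale tokens
        inst = rotated
    return inst

def fake_refresh(refresh_token: str) -> dict:  # constructed response, no network
    return {"access_token": "xoxe.xoxb-1-refreshed",
            "refresh_token": "xoxe-1-refreshed", "expires_in": 43200}
```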
@@ -70,6 +92,12 @@ def _handle(self): | |||
if self.headers["authorization"] == "Basic MTExLjIyMjpzZWNyZXQ=": | |||
self.wfile.write("""{"ok":true}""".encode("utf-8")) | |||
return | |||
elif ( | |||
self.headers["authorization"] | |||
== "Basic MTExLjIyMjp0b2tlbl9yb3RhdGlvbl9zZWNyZXQ=" |
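Review bot: The expected `Authorization` value in the new `elif` branch is an opaque base64 literal. A code comment giving the decoded pair (client_id 111.222, client_secret token_rotation_secret), or building the header from those two constants, would make the mock handler readable without decoding it by hand.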
This means the values (client_id="111.222", client_secret="token_rotation_secret") that are used in the tests
5d480c2 to 6ae2d3b
Summary
This pull request fixes #1059 by adding token rotation feature support in this SDK.
TODOs:
[ ] Update the OAuth module docs (in a different PR)

Category (place an x in each of the [ ])
/docs-src (Documents, have you run ./docs.sh?)
/docs-src-v2 (Documents, have you run ./docs-v2.sh?)
/tutorial (PythOnBoardingBot tutorial)
tests/integration_tests (Automated tests for this library)

Requirements (place an x in each [ ])
python3 -m venv .venv && source .venv/bin/activate && ./scripts/run_validation.sh after making the changes.