Missing Verification for Automatic OIDC Access Token Refreshing and JWT Expiration Claim Parsing #486

Description

@aniket866

Describe the bug

  • Location: pkg/connectors/microcks_client.go -> refreshAuthToken

  • Detailed Description:
    When you run the CLI for a long time (like keeping it active in the background), the security token it got when you logged in will eventually expire. To prevent commands from failing, we have code that reads the cached security token, parses it to see when it expires, and automatically requests a new one from the server if it's running out of time.

    Currently, we have zero tests checking this check-and-refresh logic. If a bug is introduced here, the CLI will suddenly stop working after a while and throw unauthorized errors (like HTTP 401) out of nowhere. We need to make sure the token checks are accurate and that the refresh requests are triggered correctly.

  • Test Requirements:

    • Verify that a valid, fresh token does not trigger a refresh.
    • Verify that a token close to expiry or already expired triggers the refresh server call.
    • Check that the CLI successfully updates the local configuration file with the new token.
    • Make sure the CLI handles cases where the refresh token itself has expired and tells the user to log in again.

Simulation Diagram

sequenceDiagram
    autonumber
    actor Test as Test Runner
    participant MC as microcksClient
    participant mockKC as Mock Keycloak Server (httptest)

    Test->>MC: Trigger refreshAuthToken() with Expired JWT
    activate MC
    MC->>MC: Parse JWT Claims & Detect Expiration (exp <= now)
    Note over MC: Expiration detected. Initiating refresh flow...
    MC->>mockKC: POST /protocol/openid-connect/token (refresh_token grant)
    activate mockKC
    mockKC-->>MC: HTTP 200 OK (New Auth & Refresh Tokens)
    deactivate mockKC
    MC->>MC: Save new tokens to localconfig YAML file
    MC-->>Test: Success (Token Refreshed)
    deactivate MC
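An added Go example (not microcks-cli's own code) of the check-and-refresh logic the issue asks to cover: decode the `exp` claim without verifying the signature, decide whether a refresh is due, and turn Keycloak's rejection of a stale refresh token into an error the CLI can act on. The function names, the `clientID` argument and the `skew` grace period are assumptions; writing the new tokens to the local config file is left out.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// needsRefresh reports whether the cached access token expires within skew of now (or already has).
// It reads only the exp claim and does NOT verify the signature; the server still validates every token.
func needsRefresh(token string, now time.Time, skew time.Duration) (bool, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return true, fmt.Errorf("malformed JWT: expected 3 segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1]) // payload segment is base64url without padding
	var claims struct{ Exp int64 `json:"exp"` }
	if err != nil || json.Unmarshal(raw, &claims) != nil || claims.Exp == 0 {
		return true, fmt.Errorf("cannot read exp claim from JWT payload") // unreadable token: treat as expired
	}
	return !time.Unix(claims.Exp, 0).After(now.Add(skew)), nil // refresh when exp <= now+skew
}

// refreshAccessToken posts a refresh_token grant to tokenURL (Keycloak token endpoint shape; names are
// illustrative, not microcks-cli's) and returns the new access and refresh tokens. Keycloak answers
// 400 invalid_grant once the refresh token itself has expired; that becomes an error so the CLI can ask the user to log in again.
func refreshAccessToken(c *http.Client, tokenURL, clientID, refreshToken string) (string, string, error) {
	form := url.Values{"grant_type": {"refresh_token"}, "client_id": {clientID}, "refresh_token": {refreshToken}}
	resp, err := c.PostForm(tokenURL, form)
	if err != nil {
		return "", "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", "", fmt.Errorf("refresh rejected (HTTP %d): refresh token invalid or expired, log in again", resp.StatusCode)
	}
	var body struct {
		AccessToken  string `json:"access_token"`
		RefreshToken string `json:"refresh_token"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil {
		return "", "", fmt.Errorf("decode token response: %w", err)
	}
	return body.AccessToken, body.RefreshToken, nil
}
```

In a test, an `httptest` server standing in for Keycloak can assert on the `grant_type` and `refresh_token` form fields and return either a fresh token pair or `invalid_grant`, which covers the four requirements above except the config file write.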