Skip to content

Auth auto refresh token #195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Auth auto refresh token #195

wants to merge 2 commits into from

Conversation

davixcky
Copy link
Contributor

@davixcky davixcky commented Jul 3, 2025
edited
Loading

Warning

This depends on https://github.com/signadot/signadot/pull/5941/files and it's corresponding SDK release

sequenceDiagram
    participant CLI as CLI Command
    participant API as API Client
    participant Auth as Auth Service
    participant Keyring as System Keyring

    Note over CLI,Keyring: Flow starts when any CLI command is executed

    CLI->>API: init()
    API->>Auth: ResolveAuth()
    Auth->>Keyring: Get stored auth info
    Keyring-->>Auth: Return auth info
    Auth-->>API: Return ResolvedAuth

    alt No auth found
        API-->>CLI: Return AuthNoFoundError
    else Auth exists
        API->>API: checkKeyringAuth()
        
        alt Token is expired && has refresh token
            API->>API: refreshKeyringAuth()
            API->>Auth: AuthDeviceRefreshToken API call
            Auth-->>API: New tokens (access + refresh)
            API->>Keyring: StoreAuthInKeyring(new tokens)
            API-->>CLI: Continue with refreshed tokens
        else Token is expired && no refresh token
            API-->>CLI: Return AuthExpiredError
        else Token is valid
            API-->>CLI: Continue with existing token
        end
    end
Loading

Little bit graphic usage

$ ./signadot sandbox list
Token expired
Refreshing token
NAME                      DESCRIPTION                  CLUSTER            CREATED          STATUS
pr-sd-apisvr-5941         apiserver sandbox for 5941   signadot-staging   41 minutes ago   Ready
pr-sd-apisvr-5940         apiserver sandbox for 5940   signadot-staging   23 hours ago     Ready
dev-apisvr-dorozco-test   apiserver local sandbox      signadot-staging   2 days ago       Not Ready
pr-sd-apisvr-5930         apiserver sandbox for 5930   signadot-staging   2 days ago       Ready
pr-sd-apisvr-5898         apiserver sandbox for 5898   signadot-staging   21 days ago      Ready
pr-sd-web-5866            web sandbox for 5866         signadot-staging   29 days ago      Ready
pr-sd-web-5867            web sandbox for 5867         signadot-staging   29 days ago      Ready
pr-sd-apisvr-5819         apiserver sandbox for 5819   signadot-staging   one month ago    Ready
prober-test               prober test                  signadot-staging   5 months ago     Ready
pr-sd-apisvr-5792         apiserver sandbox for 5792   signadot-staging   2 months ago     Ready
pr-sd-web-5789            web sandbox for 5789         signadot-staging   2 months ago     Ready
rollout-sbx                                            signadot-staging   2 months ago     Ready
pr-sd-apisvr-5725         apiserver sandbox for 5725   signadot-staging   2 months ago     Ready
pr-sd-apisvr-5353         apiserver sandbox for 5353   signadot-staging   2 months ago     Ready
reverse-shell-execution                                signadot-staging   4 months ago     Ready


$ ./signadot sandbox list
Token not expired
NAME                      DESCRIPTION                  CLUSTER            CREATED          STATUS
pr-sd-apisvr-5941         apiserver sandbox for 5941   signadot-staging   41 minutes ago   Ready
pr-sd-apisvr-5940         apiserver sandbox for 5940   signadot-staging   23 hours ago     Ready
dev-apisvr-dorozco-test   apiserver local sandbox      signadot-staging   2 days ago       Not Ready
pr-sd-apisvr-5930         apiserver sandbox for 5930   signadot-staging   2 days ago       Ready
pr-sd-apisvr-5898         apiserver sandbox for 5898   signadot-staging   21 days ago      Ready
pr-sd-web-5866            web sandbox for 5866         signadot-staging   29 days ago      Ready
pr-sd-web-5867            web sandbox for 5867         signadot-staging   29 days ago      Ready
pr-sd-apisvr-5819         apiserver sandbox for 5819   signadot-staging   one month ago    Ready
prober-test               prober test                  signadot-staging   5 months ago     Ready
pr-sd-apisvr-5792         apiserver sandbox for 5792   signadot-staging   2 months ago     Ready
pr-sd-web-5789            web sandbox for 5789         signadot-staging   2 months ago     Ready
rollout-sbx                                            signadot-staging   2 months ago     Ready
pr-sd-apisvr-5725         apiserver sandbox for 5725   signadot-staging   2 months ago     Ready
pr-sd-apisvr-5353         apiserver sandbox for 5353   signadot-staging   2 months ago     Ready
reverse-shell-execution                                signadot-staging   4 months ago     Ready

@davixcky davixcky requested review from daniel-de-vera, scott-cotton and foxish and removed request for daniel-de-vera July 3, 2025 19:36
@foxish foxish changed the title auth auto refresh token uth auto refresh token Jul 10, 2025
@foxish foxish changed the title uth auto refresh token Auth auto refresh token Jul 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scott-cotton scott-cotton Awaiting requested review from scott-cotton

@foxish foxish Awaiting requested review from foxish

@daniel-de-vera daniel-de-vera Awaiting requested review from daniel-de-vera

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@davixcky