KTOR-7644 Make re-auth status codes configurable #4420

Open
wants to merge 4 commits into
base: 3.1.0-eap

wkornewald
Contributor

Some services use 403 instead of 401. Changing them might be impossible. With this change Ktor can flexibly work with any broken service.

@wkornewald wkornewald changed the title Make re-auth status codes configurable KTOR-7644 Make re-auth status codes configurable Oct 28, 2024
@osipxd osipxd changed the base branch from main to 3.1.0-eap October 29, 2024 09:11
@osipxd osipxd force-pushed the 3.1.0-eap branch 2 times, most recently from a65ff10 to 9ae3d49 Compare October 31, 2024 10:15
Member

@osipxd osipxd left a comment


Thank you for the pull request! Seems useful to me
Let's discuss an alternative approach before we merge this.

if (origin.request.attributes.contains(AuthCircuitBreaker)) return@on origin

var call = origin

val candidateProviders = HashSet(providers)

while (call.response.status == HttpStatusCode.Unauthorized) {
while (call.response.status in pluginConfig.reAuthStatusCodes) {
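Review bot: the new loop condition `call.response.status in pluginConfig.reAuthStatusCodes` makes the re-auth trigger depend on caller-supplied configuration, and the hunk does not show its default. Please confirm the default contains only HttpStatusCode.Unauthorized so existing clients behave as before, and document that adding 403 means a response that is forbidden for reasons a token refresh cannot fix will still enter this loop. An empty set would silently disable re-auth, which is worth either rejecting or documenting.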
Member


Speaking of broken services, I've seen some APIs returning 200 OK with actual status code in a body. We could provide a lambda instead of a list of statuses:

var isUnauthorized: (HttpResponse) -> Boolean = { it.status == HttpStatusCode.Unauthorized }

@e5l, @bjhham, @marychatte, what do you think?

Contributor Author


This sounds much better than the list. I've pushed that change.

Member


@osipxd
I like the idea with lambda!

> returning 200 OK with actual status code in a body

Do you mean it could be used like this?
isUnauthorized = { it.bodyAsText() == "401" }
If yes, then isUnauthorized function should be suspend

Member

@osipxd osipxd left a comment


LGTM. Thank you!
@bjhham, @marychatte, could you also take a look?

Comment on lines 44 to 45
* [providers] - list of auth providers to use.
* [isUnauthorized] - lambda function to control whether a response is unauthorized and should trigger a re-auth.
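Review bot: the KDoc line for [isUnauthorized] does not say what the default predicate is or what happens when it matches too broadly. Suggest stating that the default treats only a 401 response as unauthorized, and noting that a predicate returning true for responses a token refresh cannot fix will trigger re-auth on each of them.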
Contributor Author

@wkornewald wkornewald Nov 5, 2024


Something else: this refers to variables that are actually defined on AuthConfig. Shouldn't the docstring be defined there instead or at least refer to the full path [AuthConfig.providers]? I just copied the existing code, but maybe this should be fixed, too.

@marychatte
Member

Thanks for the PR! Can we also please add tests for it?

@wkornewald
Contributor Author

> Thanks for the PR! Can we also please add tests for it?

Sure, added one and switched to a suspend lambda.

@osipxd osipxd self-requested a review November 7, 2024 09:05