temp workaround for oidc auth dropping issue

Add a method to "kick" the refresh thread and re-post the tokens in the case where the thread is somehow still running & controller pushes out an AUTH_REQUIRED. This situation happens in a corner case still under investigation where the controller pushes out many copies of the network config repeatedly
2022-01-20 09:44:56 -08:00
parent cdd25c389e
commit d719137565
5 changed files with 47 additions and 4 deletions
--- a/zeroidc/src/lib.rs
+++ b/zeroidc/src/lib.rs
@@ -48,6 +48,7 @@ struct Inner {
    access_token: Option<AccessToken>,
    refresh_token: Option<RefreshToken>,
    exp_time: u64,
+    kick: bool,

    url: Option<Url>,
    csrf_token: Option<CsrfToken>,
@@ -109,6 +110,7 @@ impl ZeroIDC {
                access_token: None,
                refresh_token: None,
                exp_time: 0,
+                kick: false,

                url: None,
                csrf_token: None,
@@ -138,6 +140,11 @@ impl ZeroIDC {
        Ok(idc)
    }

+    fn kick_refresh_thread(&mut self) {
+        let local = Arc::clone(&self.inner);
+        (*local.lock().unwrap()).kick = true;
+    }
+
    fn start(&mut self) {
        let local = Arc::clone(&self.inner);

@@ -160,7 +167,15 @@ impl ZeroIDC {
                    }
                    let refresh_token = (*inner_local.lock().unwrap()).refresh_token.clone();
                    if let Some(refresh_token) =  refresh_token {
-                        if now >= (exp - Duration::from_secs(30)) {
+                        let should_kick = (*inner_local.lock().unwrap()).kick;
+                        if now >= (exp - Duration::from_secs(30)) || should_kick {
+                            if should_kick {
+                                #[cfg(debug_assertions)] {
+                                    println!("refresh thread kicked");
+                                }
+                                (*inner_local.lock().unwrap()).kick = false;
+                            }
+
                            let token_response = (*inner_local.lock().unwrap()).oidc_client.as_ref().map(|c| {
                                let res = c.exchange_refresh_token(&refresh_token)
                                    .request(http_client);
@@ -356,6 +371,11 @@ impl ZeroIDC {
    pub fn set_nonce_and_csrf(&mut self, csrf_token: String, nonce: String) {
        let local = Arc::clone(&self.inner);
        (*local.lock().expect("can't lock inner")).as_opt().map(|i| {
+            if i.running {
+                println!("refresh thread running. not setting new nonce or csrf");
+                return
+            }
+
            let need_verifier = match i.pkce_verifier {
                None => true,
                _ => false,