-
Task
-
Resolution: Unresolved
-
Major
-
4.4.1.AM2
The lifecycle of the token is rather weird and needs a consistent logic:
When connecting via wizard the token is set in the connection wizard:
...
try {
IConnection connection = createConnection(connectionFactory, connectionAuthenticationProvider);
...
... if (authProvider != null) { authProvider.update(connection); // sets the token } ...
... connection.setAuthScheme(IAuthorizationContext.AUTHSCHEME_OAUTH); connection.setToken(tokenObservable.getValue()); connection.setRememberToken(rememberTokenObservable.getValue()); ...
if(authorize()) {
...
... if (context.isAuthorized()) { String username = context.getUser().getName(); String token = context.getToken(); updateAuthorized(username, token); } else { ...
The token is then fetched from client and set to the connection
setToken(token); ...
and the password is cleared
} else if (IAuthorizationContext.AUTHSCHEME_OAUTH.equals(getAuthScheme())){ boolean success = saveOrClear(SECURE_STORAGE_TOKEN_KEY, this.token, isRememberToken()); if(success) { //Avoid second secure storage prompt. //Token is stored, password should be cleared. clearPassword();
I suspect the aim here is to clear existing password in secure storage if the user is switching password->token based auth (and vice versa)
The opposite is then not fully congruent. The token is only cleared in secure storage, not in Connection instance var
if (IAuthorizationContext.AUTHSCHEME_BASIC.equals(getAuthScheme())) { boolean success = saveOrClear(SECURE_STORAGE_PASSWORD_KEY, this.password, isRememberPassword()); if (success) { //Avoid second secure storage prompt. // Password is stored, token should be cleared. clearToken(); } {code:Connection#clearToken} // dont clear the token instance var: JBIDE-22594 setRememberToken(false); saveOrClear(SECURE_STORAGE_TOKEN_KEY, null, false);
I suspect that we should only clear in secure storage, not in the Connection instance as we see in JBIDE-22594 (for the opposite case where we dont clear the token in the Connection instance). But then one has to keep in mind that all auth is token based. Even if you auth via password initially, the auth is then switched to token based once the authorization succeeded and we got a token:
setToken(token); if (IAuthorizationContext.AUTHSCHEME_OAUTH.equalsIgnoreCase(getAuthScheme())) { setUsername(username); } // force auth strategy to token if authorized TokenAuthorizationStrategy tokenStrategy = new TokenAuthorizationStrategy(token, username); client.setAuthorizationStrategy(tokenStrategy);
Another issue is that the connection and the auth schemeare both stored in different classes. The connection is stored via
preferences.saveConnections(connections.keySet().toArray(new String[] {})); ...
while the auth scheme is stored in Connection#saveAuthSchemePreference:
saveAuthSchemePreference();
- is blocked by
-
JBIDE-22647 Update code to support openshift-restclient-java changes including auth context
- Closed
- is related to
-
JBIDE-22594 Deploy Docker Image wizard: password/token for registry is not prefilled even after choosing a connection
- Closed
-
JBIDE-22738 Deploy docker wizard: Image registry URL becomes null when going between Connection and Deploy pages
- Closed