From 96c5dbd992aa02e7e60a428cea504b2c0cc6c51b Mon Sep 17 00:00:00 2001 From: Rob Kenis Date: Tue, 24 Oct 2023 16:57:53 +0200 Subject: [PATCH] Retry retrieving an access token with exponential backoff When the OIDC provider is unavailable when a new token is requested, the client is stuck for an indefinite state. This is only resolved by restarting the client or the server. With this feature, we want to achieve a scenario where a token is requested for a set amount of retries when the OIDC provider is not available. --- pkg/auth/oidc.go | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/pkg/auth/oidc.go b/pkg/auth/oidc.go index f428a04d..259ff878 100644 --- a/pkg/auth/oidc.go +++ b/pkg/auth/oidc.go @@ -17,6 +17,7 @@ package auth import ( "context" "fmt" + "time" "github.com/coreos/go-oidc/v3/oidc" "github.com/samber/lo" @@ -56,12 +57,27 @@ func NewOidcAuthSetter(additionalAuthScopes []v1.AuthScope, cfg v1.AuthOIDCClien } } -func (auth *OidcAuthProvider) generateAccessToken() (accessToken string, err error) { - tokenObj, err := auth.tokenGenerator.Token(context.Background()) - if err != nil { - return "", fmt.Errorf("couldn't generate OIDC token for login: %v", err) +func withRetries(retries int, fn func() (accessToken string, error error)) (accessToken string, err error) { + exponentialBackOff := time.Second * 1 + for i := 0; i < retries; i++ { + accessToken, err = fn() + if err == nil { + return accessToken, nil + } + time.Sleep(exponentialBackOff) + exponentialBackOff *= 2 } - return tokenObj.AccessToken, nil + return "", err +} + +func (auth *OidcAuthProvider) generateAccessToken() (accessToken string, err error) { + return withRetries(10, func() (accessToken string, error error) { + tokenObj, err := auth.tokenGenerator.Token(context.Background()) + if err != nil { + return "", fmt.Errorf("couldn't generate OIDC token for login: %v", err) + } + return tokenObj.AccessToken, nil + }) } func (auth *OidcAuthProvider) SetLogin(loginMsg *msg.Login) (err error) {