Retry retrieving an access token with exponential backoff

When the OIDC provider is unavailable when a new token is requested, the client
is stuck for an indefinite state. This is only resolved by restarting the client or
the server.

With this feature, we want to achieve a scenario where a token is requested for a
set amount of retries when the OIDC provider is not available.

pkg/auth/oidc.go

@@ -17,6 +17,7 @@ package auth
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/samber/lo"
@@ -56,12 +57,27 @@ func NewOidcAuthSetter(additionalAuthScopes []v1.AuthScope, cfg v1.AuthOIDCClien
 	}
 }
 
-func (auth *OidcAuthProvider) generateAccessToken() (accessToken string, err error) {
+func withRetries(retries int, fn func() (accessToken string, error error)) (accessToken string, err error) {
-	tokenObj, err := auth.tokenGenerator.Token(context.Background())
+	exponentialBackOff := time.Second * 1
-	if err != nil {
+	for i := 0; i < retries; i++ {
-		return "", fmt.Errorf("couldn't generate OIDC token for login: %v", err)
+		accessToken, err = fn()
+		if err == nil {
+			return accessToken, nil
+		}
+		time.Sleep(exponentialBackOff)
+		exponentialBackOff *= 2
 	}
-	return tokenObj.AccessToken, nil
+	return "", err
+}
+
+func (auth *OidcAuthProvider) generateAccessToken() (accessToken string, err error) {
+	return withRetries(10, func() (accessToken string, error error) {
+		tokenObj, err := auth.tokenGenerator.Token(context.Background())
+		if err != nil {
+			return "", fmt.Errorf("couldn't generate OIDC token for login: %v", err)
+		}
+		return tokenObj.AccessToken, nil
+	})
 }
 
 func (auth *OidcAuthProvider) SetLogin(loginMsg *msg.Login) (err error) {