Skip to content

Patch for cases where the bearer token has no expiration #594

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Patch for cases where the bearer token has no expiration #594

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
73f7e1c
Patch for cases where the bearer token has no expiration
ponyisi May 21, 2025
ec271b5
Remove debugging statement
ponyisi May 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 12 additions & 2 deletions servicex/servicex_adapter.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,11 +85,21 @@ def _get_bearer_token_file():
bearer_token = f.read().strip()
return bearer_token

@staticmethod
def _effective_expiration(tok) -> float:
import sys

decoded_tok = jwt.decode(tok, verify=False)
if "exp" not in decoded_tok:
# Token is missing an expiration. Return the maximum float
return sys.float_info.max
return float(decoded_tok["exp"])

async def _get_authorization(self, force_reauth: bool = False) -> Dict[str, str]:
now = time.time()
if (
self.token
and jwt.decode(self.token, verify=False)["exp"] - now > 60
and self._effective_expiration(self.token) - now > 60
and not force_reauth
):
# if less than one minute validity, renew
Expand All @@ -105,7 +115,7 @@ async def _get_authorization(self, force_reauth: bool = False) -> Dict[str, str]
if (
not self.token
or force_reauth
or float(jwt.decode(self.token, verify=False)["exp"]) - now < 60
or self._effective_expiration(self.token) - now < 60
):
await self._get_token()
return {"Authorization": f"Bearer {self.token}"}
Expand Down
13 changes: 6 additions & 7 deletions tests/test_servicex_adapter.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,16 +106,15 @@ async def test_get_transforms_wlcg_bearer_token(
)
token_file.close()

os.environ["BEARER_TOKEN_FILE"] = token_file.name
with patch.dict(os.environ, {"BEARER_TOKEN_FILE": token_file.name}, clear=True):

# Try with an expired token
with pytest.raises(AuthorizationError) as err:
decode.return_value = {"exp": 0.0}
await servicex.get_transforms()
assert "ServiceX access token request rejected:" in str(err.value)
# Try with an expired token
with pytest.raises(AuthorizationError) as err:
decode.return_value = {"exp": 0.0}
await servicex.get_transforms()
assert "ServiceX access token request rejected:" in str(err.value)

os.remove(token_file.name)
del os.environ["BEARER_TOKEN_FILE"]


@pytest.mark.asyncio
Expand Down
Loading