swagger-ui
Add support to refresh token automatically
Description
This is just a small change that allows you to refresh the token automatically when authorising requests. The token is refreshed after 75% of the expiring time for the actual token. I also added a flag to turn the refresh feature on and off that is set to true by default. I would still need to add automatic tests and change the documentation.
Motivation and Context
While I was working with swagger I wanted to have an option for automatic token refresh to make testing easier. I was researching how to enable this feature and found out that swagger doesn't have support for it yet and that many other people were also waiting for such a feature. Fixes #7257
How Has This Been Tested?
I manually tested this feature but I didn't add any automatic test yet. I'm also pretty new to writing tests so any help would be appreciated.
Checklist
My PR contains...
- [ ] No code changes (`src/` is unmodified: changes to documentation, CI, metadata, etc.)
- [ ] Dependency changes (any modification to dependencies in `package.json`)
- [ ] Bug fixes (non-breaking change which fixes an issue)
- [x] Improvements (misc. changes to existing features)
- [x] Features (non-breaking change which adds functionality)
My changes...
- [ ] are breaking changes to a public API (config options, System API, major UI change, etc).
- [ ] are breaking changes to a private API (Redux, component props, utility functions, etc.).
- [ ] are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
- [x] are not breaking changes.
Documentation
- [ ] My changes do not require a change to the project documentation.
- [x] My changes require a change to the project documentation.
- [ ] If yes to above: I have updated the documentation accordingly.
Automated tests
- [ ] My changes can not or do not need to be tested.
- [x] My changes can and should be tested by unit and/or integration tests.
- [ ] If yes to above: I have added tests to cover my changes.
- [ ] If yes to above: I have taken care to cover edge cases in my tests.
- [ ] All new and existing tests passed.
@ralucaDascalu Thanks for the PR! Definitely very promising.
Two immediate thoughts:
- `refreshTokenAutomatically`. Let's rename to `authAutoRefreshTokenEnabled`. Then add a separate `authTokenOptions` object, though maybe there's an even more generic name that could possibly incorporate any `Authorization` related settings in the future, e.g. `oauth2RedirectUrl` and `persistAuthorization`. Don't need to add legacy flags to this new config object for now.
- Should have a configurable max time/count limit, even with auto-refresh. E.g. 12 hours. I understand the need for dev testing, and real-world convenience, but it's not great security to never expire access. Better to require the user to provide a longer duration if needed.
re: testing. Jest unit tests are probably the best option here. One would need to mock the `Auth` interactions and config options via `jest.fn()` and `jest.mockImplementation()`. I'm thinking that testing could be isolated to non-React functions to verify `enable/disable` states, and `timeLimit` calls.
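The behaviour discussed above (refresh at 75% of the token lifetime, bounded by a configurable session limit), as an added example that is not code from this PR or from swagger-ui. `authAutoRefreshTokenEnabled` is the name proposed in the review; `maxSessionMs`, `nextRefreshDelay`, `createAutoRefresher` and the injected `refresh`, `clock` and timer functions are hypothetical names chosen so the logic stays in non-React functions that can be unit tested with fake timers.

```javascript
// Added example. Only authAutoRefreshTokenEnabled comes from the review thread;
// every other name here is hypothetical.
const REFRESH_FRACTION = 0.75; // refresh after 75% of the token lifetime

// Pure function: ms until the next refresh, or null when none may be scheduled.
function nextRefreshDelay({ expiresInSec, now, sessionStart, maxSessionMs, enabled }) {
  if (!enabled) return null;
  // A missing or non-positive expires_in gives no basis for a timer.
  if (!Number.isFinite(expiresInSec) || expiresInSec <= 0) return null;
  const delay = Math.floor(expiresInSec * 1000 * REFRESH_FRACTION);
  // Hard cap: a refresh that would fire at or past the session deadline is
  // not scheduled, so access expires and the user must authorize again.
  if (now + delay >= sessionStart + maxSessionMs) return null;
  return delay;
}

function createAutoRefresher({ refresh, config, clock = Date.now,
                               setTimer = setTimeout, clearTimer = clearTimeout }) {
  let handle = null;
  let sessionStart = null;

  function stop() {
    if (handle !== null) clearTimer(handle);
    handle = null;
  }

  function schedule(token) {
    const delay = nextRefreshDelay({
      expiresInSec: token.expires_in,
      now: clock(),
      sessionStart,
      maxSessionMs: config.maxSessionMs,
      enabled: config.authAutoRefreshTokenEnabled,
    });
    if (delay === null) { handle = null; return; }
    handle = setTimer(async () => {
      try { schedule(await refresh(token)); }   // chain the next refresh
      catch (err) { handle = null; }            // failed refresh: stop, no retry loop
    }, delay);
  }

  return {
    // Call once after an interactive authorization; this starts the session clock.
    start(token) { stop(); sessionStart = clock(); schedule(token); },
    stop,                                       // call on logout
    isScheduled() { return handle !== null; },
  };
}
```

The session clock starts only in `start()`, so automatic refreshes never extend the deadline; only a new interactive authorization does.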
Hello, I will try to continue the work that Raluca did on this PR. Can I have access to push to this fork, or do I need to fork again?
Hi! Is there something we can do to help progress on this pull request? I think a lot of swagger-ui users are very interested in this feature 😄