oauth2.Config captures ctx and re-uses it later #388

vangent · 2019-06-26T15:27:02Z

https://github.com/golang/oauth2/blob/master/oauth2.go#L239

For example, if I do something like this:

  ctx, cancel := context.WithCancel(context.Background())
  ts, err := google.DefaultTokenSource(ctx)
  cancel()
  tkn, err := ts.Token()

the last line will fail every time because the HTTP request isn't made until then, using the ctx I provided to DefaultTokenSource. Somewhere near here: https://github.com/golang/oauth2/blob/master/oauth2.go#L265

This is very surprising and should at least be documented clearly on DefaultTokenSource, FindDefaultCredentials, etc.

#262 is possibly related.

/cc @jba @zombiezen

The text was updated successfully, but these errors were encountered:

vangent · 2019-06-26T17:40:04Z

Introduced in https://golang.org/cl/45370.

vangent · 2019-06-26T17:40:19Z

/cc @broady

broady · 2019-06-26T18:32:47Z

+1, this is certainly a problem (there's many problems with this package that I won't go into) and +1 to #262, Token() should take a ctx, for sure. However, it makes ReuseTokenSource kind of awkward, because it becomes tempting to put stuff in the context that might change the type of token that's returned (e.g., something that changes per user), and if that varies between requests, then it's not valid to wrap it in ReuseTokenSource.

…

On Wed, Jun 26, 2019 at 10:40 AM Robert van Gent ***@***.***> wrote: /cc @broady <https://github.com/broady> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#388?email_source=notifications&email_token=AAAGDFUV3XIZJSEN34JT7ODP4OSYRA5CNFSM4H3TPCRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYUJB5Y#issuecomment-505975031>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAAGDFXYC7C2KWPILC56NFDP4OSYRANCNFSM4H3TPCRA> .

jacobsevart · 2021-02-01T20:45:07Z

We just got bit by the same problem, causing all requests to fail once the initial token expired, since the context used to attempt the refresh had expired after application startup.

Suggestion: reuseTokenSource should refuse to construct if the underlying token source has a context deadline.

The context given to Client() will be stored and reused for token refreshes througout the life of the Config. If the context expires e.g. during application startup, refresh attempts will fail. Updates golang#388

jacobsevart · 2021-02-25T17:54:09Z

Hi folks, I've uploaded a pull request to document this issue and report a more useful error.

jacobsevart mentioned this issue Feb 25, 2021

oauth2: document that provided context will be used in refresh requests. #480

Open

willmo mentioned this issue Jul 12, 2023

Request context is lost #457

Closed

adg mentioned this issue Oct 2, 2023

TokenSource.Token method should take in a Context #262

Open

mgyucht mentioned this issue Oct 26, 2023

When using M2M client credentials, after an hour, can no longer refresh token databricks/databricks-sdk-go#671

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

oauth2.Config captures ctx and re-uses it later #388

oauth2.Config captures ctx and re-uses it later #388

vangent commented Jun 26, 2019

vangent commented Jun 26, 2019

vangent commented Jun 26, 2019

broady commented Jun 26, 2019 via email

jacobsevart commented Feb 1, 2021

jacobsevart commented Feb 25, 2021

oauth2.Config captures ctx and re-uses it later #388

oauth2.Config captures ctx and re-uses it later #388

Comments

vangent commented Jun 26, 2019

vangent commented Jun 26, 2019

vangent commented Jun 26, 2019

broady commented Jun 26, 2019 via email

jacobsevart commented Feb 1, 2021

jacobsevart commented Feb 25, 2021