feat(auth): add token refresh and logout-all#227
Conversation
- Make login retain previous tokens by default - Add refresh and logout-all HTTP endpoints - Add client commands and SDK methods for token refresh and logout-all - Update OpenAPI, config example, and client guide
|
@un-lock-able Please redirect to merge to a branch you specified |
|
I think we can rename |
| /// Whether to keep previously issued login tokens valid when logging in | ||
| #[arg(long)] | ||
| #[serde(default)] | ||
| pub retain: bool, |
There was a problem hiding this comment.
Now retain is the default behavior, is this argument ever needed?
There was a problem hiding this comment.
We shall replace it with new arguments
There was a problem hiding this comment.
Updated.
- Replaced
logout-allwithrevokeacross the HTTP route, CLI/interactive command, SDK method, docs, and OpenAPI. - Removed the client and worker
--retainflags because retain is now the default behavior. - Kept the HTTP
/loginretainfield for API compatibility and documented that it defaults totrue.
I think we could just use |
- Rename logout-all to revoke across HTTP, CLI, SDK, docs, and OpenAPI - Remove client and worker --retain flags because retain is now the default behavior - Keep the HTTP login retain field for API compatibility and document its default behavior
| config.password, | ||
| config.retain, | ||
| ) | ||
| .connect(config.credential_path, config.user, config.password, true) |
There was a problem hiding this comment.
Since now retain is the default behavior, the last argument is redundent and should be removed.
| config.user.take(), | ||
| config.password.take(), | ||
| config.retain, | ||
| true, |
There was a problem hiding this comment.
Updated. The default connect/login flow no longer passes an explicit retain argument. Default login now uses the retain-by-default helper, while login --refresh uses the refreshing helper with retain=false. I also updated the worker login path accordingly.
Summary
/refreshendpoint to rotate the current login token/revokeendpoint to invalidate all login tokens for the current user--retainflags because retain is now the default behaviorNotes
login --refreshlogs in with username/password and invalidates previously issued login tokens.refreshuses the current valid token to issue a new token and invalidate previous login tokens.revokeinvalidates all login tokens for the current authenticated user./loginretainfield is kept for API compatibility and defaults totrue.Checks
cargo fmt --allcargo clippy --workspacecargo buildcargo testcargo doccd guide && mdbook buildKnown Notes
cargo auditreported existing dependency advisories in the current dependency tree; these appear unrelated to the auth refresh/revoke changes.cargo docpassed with an existing md5/md-5 output filename collision warning.