Add automatic JWT token refresh capability for long running jobs#52
Open
maclarel wants to merge 2 commits intoSpecterOps:mainfrom
Open
Add automatic JWT token refresh capability for long running jobs#52maclarel wants to merge 2 commits intoSpecterOps:mainfrom
maclarel wants to merge 2 commits intoSpecterOps:mainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
JWTs granted through GitHub App usage have a ~1 hour lifespan, and this can be hit if rate limits are encountered or if data extraction simply takes longer than that (e.g. large org, significant numbers of workflows, etc...).
This PR introduces logic that will attempt to refresh an existing session in the event that 401 errors are encountered during extraction (indicating the token has expired), or if the token is > 50 minutes old, hard-failing after a handful of attempts to do so.
This PR was heavily AI-assisted so review from someone with better knowledge of GitHound's auth flow than me should certainly give it a review. It should be fully backwards compatible, does not appear to introduce any breaking changes, and is (so far) working as expected in my own testing.
Example: