Usage of ter:token:refresh is not clear

Question

Usage of ter:token:refresh is not clear

gilbertsoft opened this issue 3 years ago · 5 comments

I've tried to write a GH workflow to periodically refresh the access token and update the secrets. Currently it looks like user name and password are required for this action, I'm currently getting the error No authentication credentials are defined.

Wondering why I have to provide the credentials at all, thought for this reason the refresh token is provided. Saving the credentials at GH is a no go for some people.

Answer 1 · 2021-09-27T14:06:52.000Z

This is my current draft (not finished):

name: Refresh TYPO3 API Tokens

on:
  schedule:
    - cron: '0 1 1 * *'

jobs:
  refresh-tokens:
    name: Refresh TYPO3 API Tokens
    runs-on: ubuntu-latest
    steps:
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: 7.4
          extensions: intl, mbstring, json, zip, curl
          tools: composer:2

      - name: Install Tailor
        run: composer global require typo3/tailor --prefer-dist --no-progress --no-suggest

      - name: Get new tokens
        id: tokens
        run: |
          composer exec tailor ter:token:refresh ${{ secrets.TYPO3_API_REFRESH_TOKEN }}
          echo ::set-output name=access_token::${}
          echo ::set-output name=refresh_token::${}

      - name: Update refresh token
        uses: hmanzur/actions-set-secret@v2
        with:
          name: TYPO3_API_REFRESH_TOKEN
          value: ${{ steps.tokens.outputs.refresh_token }}
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Update access token
        uses: hmanzur/actions-set-secret@v2
        with:
          name: TYPO3_API_ACCESS_TOKEN
          value: ${{ steps.tokens.outputs.access_token }}
          token: ${{ secrets.GITHUB_TOKEN }}

Answer 2 · 2021-09-27T22:16:25.000Z

Hi, thanks for opening an issue. Since tailor is just a client of the TER REST API, which currently requires basicAuth for the /auth/token/refresh endpoint, changes have to be done to the API endpoint instead. Therefore, I would be please if you could create an issue at https://gitlab.typo3.org/services/t3o-sites/extensions.typo3.org/ter/-/issues. I'll also close this issue here for now.

Answer 3 · 2021-09-27T22:23:17.000Z

For the time being we should adjust the README to make the current behaviour clear. I'll therefore reopen the issue.

Answer 4 · 2021-09-27T22:29:33.000Z

Created the corresponding PR. Looking forward to your feedback

Answer 5 · 2021-10-06T13:59:24.000Z

Created the corresponding PR. Looking forward to your feedback

Your docs change should make it clear now. Still would love to see a solution to refresh tokens without the credentials...