box: Fixed refresh of tokens with OAuth2.0 and JWT
If you use the OAuth2.0 with JWT authentication method on the Box backend, rclone fails to refresh the token before Box expires it. If this happens mid-transfer, the transfer is aborted. This fix expires the tokens from Box 2 minutes earlier than expected. Fixes #7214
parent
34195fd3e8
commit
749f4f2f2c
3 changed files with 9 additions and 7 deletions
|
@ -185,7 +185,9 @@ func refreshJWTToken(ctx context.Context, jsonFile string, boxSubType string, na
|
||||||
signingHeaders := getSigningHeaders(boxConfig)
|
signingHeaders := getSigningHeaders(boxConfig)
|
||||||
queryParams := getQueryParams(boxConfig)
|
queryParams := getQueryParams(boxConfig)
|
||||||
client := fshttp.NewClient(ctx)
|
client := fshttp.NewClient(ctx)
|
||||||
err = jwtutil.Config("box", name, tokenURL, *claims, signingHeaders, queryParams, privateKey, m, client)
|
//When using OAuth2.0 with JWT Box appears to expire their tokens earlier than expected.
|
||||||
|
//To counter this, we manually set the token to expire 2 minutes earlier than expected
|
||||||
|
err = jwtutil.Config("box", name, tokenURL, *claims, signingHeaders, queryParams, privateKey, m, client, time.Duration(2*time.Minute))
|
||||||
return err
|
return err
|
||||||
}
|
}
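Review bot: The margin passed to `jwtutil.Config` in `refreshJWTToken` is a bare literal wrapped in a redundant conversion, since `2*time.Minute` is already a `time.Duration`. A named constant would document the intent and keep the value in one place, for example `const jwtEarlyExpire = 2 * time.Minute // safety margin before Box's reported expiry`, with `jwtEarlyExpire` passed as the last argument. The two added comments should also have a space after `//`, per Go convention. The function begins outside the hunk.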
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@ func RandomHex(n int) (string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Config configures rclone using JWT
|
// Config configures rclone using JWT
|
||||||
func Config(id, name, url string, claims jwt.Claims, headerParams map[string]interface{}, queryParams map[string]string, privateKey *rsa.PrivateKey, m configmap.Mapper, client *http.Client) (err error) {
|
func Config(id, name, url string, claims jwt.Claims, headerParams map[string]interface{}, queryParams map[string]string, privateKey *rsa.PrivateKey, m configmap.Mapper, client *http.Client, earlyExpire time.Duration) (err error) {
|
||||||
jwtToken := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
|
jwtToken := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
|
||||||
for key, value := range headerParams {
|
for key, value := range headerParams {
|
||||||
jwtToken.Header[key] = value
|
jwtToken.Header[key] = value
|
||||||
|
@ -93,7 +93,7 @@ func Config(id, name, url string, claims jwt.Claims, headerParams map[string]int
|
||||||
}
|
}
|
||||||
e := result.ExpiresIn
|
e := result.ExpiresIn
|
||||||
if e != 0 {
|
if e != 0 {
|
||||||
token.Expiry = time.Now().Add(time.Duration(e) * time.Second)
|
token.Expiry = time.Now().Add(time.Duration(e) * time.Second - earlyExpire)
|
||||||
}
|
}
|
||||||
return oauthutil.PutToken(name, m, token, true)
|
return oauthutil.PutToken(name, m, token, true)
|
||||||
}
|
}
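Review bot: In `Config`, the expression `time.Duration(e) * time.Second - earlyExpire` has no lower bound, so when `result.ExpiresIn` is shorter than `earlyExpire` the stored `token.Expiry` is already in the past and the token presumably counts as expired the moment it is saved. Clamping avoids that: `lifetime := time.Duration(e) * time.Second`, then `if earlyExpire < lifetime { lifetime -= earlyExpire }`, then `token.Expiry = time.Now().Add(lifetime)`. The doc comment on `Config` should also state what `earlyExpire` does and that zero keeps the server's value. Because `Config` is exported, the extra positional parameter breaks any caller not updated in this commit. The body of `Config` between the two hunks is not shown.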
|
||||||
|
|
|
@ -18,7 +18,6 @@ import (
|
||||||
"github.com/rclone/rclone/fs"
|
"github.com/rclone/rclone/fs"
|
||||||
"github.com/rclone/rclone/fs/config"
|
"github.com/rclone/rclone/fs/config"
|
||||||
"github.com/rclone/rclone/fs/config/configmap"
|
"github.com/rclone/rclone/fs/config/configmap"
|
||||||
"github.com/rclone/rclone/fs/fserrors"
|
|
||||||
"github.com/rclone/rclone/fs/fshttp"
|
"github.com/rclone/rclone/fs/fshttp"
|
||||||
"github.com/rclone/rclone/lib/random"
|
"github.com/rclone/rclone/lib/random"
|
||||||
"github.com/skratchdot/open-golang/open"
|
"github.com/skratchdot/open-golang/open"
|
||||||
|
@ -267,9 +266,10 @@ func (ts *TokenSource) Token() (*oauth2.Token, error) {
|
||||||
if ts.reReadToken() {
|
if ts.reReadToken() {
|
||||||
changed = true
|
changed = true
|
||||||
} else if ts.token.RefreshToken == "" {
|
} else if ts.token.RefreshToken == "" {
|
||||||
return nil, fserrors.FatalError(
|
//Box authentication OAuth2.0 with JWT does not provide refresh tokens
|
||||||
fmt.Errorf("token expired and there's no refresh token - manually refresh with \"rclone config reconnect %s:\"", ts.name),
|
//return nil, fserrors.FatalError(
|
||||||
)
|
// fmt.Errorf("token expired and there's no refresh token - manually refresh with \"rclone config reconnect %s:\"", ts.name),
|
||||||
|
//)
|
||||||
}
|
}
|
||||||
}
|
}
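Review bot: The `else if ts.token.RefreshToken == ""` branch in `TokenSource.Token` is now empty for every backend, not only Box with JWT, so a remote whose token has expired without a refresh token no longer stops here with the fatal `rclone config reconnect` hint. What runs next is outside the hunk, but the failure will presumably surface later in a less actionable form and may no longer be classified as fatal. I would keep the fatal return and skip it only for remotes that renew through JWT, for instance via a flag on the token source set by the JWT setup path. If the check really is to be dropped, delete the branch and the commented-out call rather than leaving an empty `else if` and dead code behind. `Token` starts and ends outside the hunk.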
|
||||||
|
|
||||||
|
|