update error handling
blink1073 committed Apr 9, 2024
1 parent b4e7905 commit 6815eb4
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions source/auth/auth.md
Expand Up @@ -1747,15 +1747,14 @@ authenticate a new connection when a [OIDC Human Callback](#oidc-human-callback)
- Check if the *Client Cache* has an access token.
- If it does, cache the access token in the *Connection Cache* and perform a [One-Step](#one-step) SASL conversation
using the access token. If the server returns an Authentication error (18), invalidate the access token token from
the *Client Cache*, clear the *Connection Cache*, and restart the authentication flow. If the server returns another
error, restart the authentication flow.
the *Client Cache*, clear the *Connection Cache*, and restart the authentication flow. Raise any other errors to the
user.
- Check if the *Client Cache* has a refresh token.
- If it does, call the [OIDC Human Callback](#oidc-human-callback) with the cached refresh token and `IdpInfo` to get
a new access token. Cache the new access token in the *Client Cache* and *Connection Cache*. Perform a
[One-Step](#one-step) SASL conversation using the new access token. If the
[OIDC Human Callback](#oidc-human-callback) or the server returns an Authentication error (18), clear the refresh
token, invalidate the access token from the *Client Cache*, clear the *Connection Cache*, and restart the
authentication flow. If the server returns another error, restart the authentication flow.
[One-Step](#one-step) SASL conversation using the new access token. If the the server returns an Authentication
error (18), clear the refresh token, invalidate the access token from the *Client Cache*, clear the *Connection
Cache*, and restart the authentication flow. Raise any other errors to the user.
- Start a new [Two-Step](#two-step) SASL conversation.
- Run a `PrincipalStepRequest` to get the `IdpInfo`.
- Call the [OIDC Human Callback](#oidc-human-callback) with the new `IdpInfo` to get a new access token and optional
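Review bot: In the refresh-token step, the new sentence "If the the server returns an Authentication error (18)" no longer names the [OIDC Human Callback] in the condition, so the text does not say what happens when the callback itself fails while exchanging the refresh token. Read literally, that failure now falls under "Raise any other errors to the user", which would leave the refresh token in the *Client Cache* and skip the fall-through to the Two-Step conversation. Please state the intended behaviour for a callback failure explicitly, either by restoring the callback to the condition or by adding a sentence that says callback errors are raised. Two wording nits in the same hunk: "the the server" in the new text, and "access token token" in the access-token step.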
Expand Down Expand Up @@ -2054,6 +2053,8 @@ to EC2 instance metadata in ECS, for security reasons, Amazon states it's best p

## Changelog

- 2024-04-09: Updated OIDC authentication flow and prose tests.

- 2024-04-03: Added GCP built-in OIDC provider integration.

- 2024-03-29: Updated OIDC test setup and descriptions.
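Review bot: The new changelog entry "Updated OIDC authentication flow and prose tests" does not say what changed, and neither hunk shown here touches a prose test. Since this changes driver-visible behaviour (errors other than Authentication error (18) are now raised to the user instead of restarting the flow), consider wording the entry to say that, so implementers scanning the changelog know they need to adjust their error handling.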