Add class to refresh Atlassian token
What does this MR do and why?
Related to: #477983 (closed)
In order to Support individual user credentials for Jira integration we need a mechanism to refresh the access tokens.
This MR adds a class which can handle the refresh. It will be used in future MRs before using any token, in order to ensure it's still valid.
How to set up and validate locally
- Follow the steps in Atlassian application registration to set up Atlassian authentication locally.
For a local development instance it's easiest to edit the config/gitlab.yml and add the following (replacing the APP_ID and APP_SECRET as described in the document above) to development.omniauth.providers:
- { name: 'atlassian_oauth2',
app_id: 'APP_ID',
app_secret: 'APP_SECRET',
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' }
}
(If you haven't already you can connect to Atlassian as described here: https://gitlab.com/gitlab-org/manage/import-and-integrate/team/-/blob/main/integrations/jira.md?ref_type=heads#jira-instances)
- Go to http://127.0.0.1:3000/-/profile/account and connect your account to Atlassian
- Run the following to confirm the values change:
identity = Atlassian::Identity.first
identity.token
identity.refresh_token
identity.expires_at
refresher = Gitlab::Auth::Atlassian::TokenRefresher.new(identity)
refresher.refresh_if_needed! # Returns nil or updates the identity attributes, depending on whether the token is expiring soon
identity.token
identity.refresh_token
identity.expires_at
Database Query
identity.update(expires_at: Time.zone.now + response["expires_in"].seconds, refresh_token: response["refresh_token"], token: response["access_token"]):
UPDATE
"atlassian_identities"
SET
"updated_at" = '2024-08-13 11:45:30.926775',
"expires_at" = '2024-08-13 12:45:30.920591',
"encrypted_token" = '\x657dd9ee7708c75ca8316ba5bb290588e52b87d34378de3481',
"encrypted_token_iv" = '\x04898241488b1444c92ee933',
"encrypted_refresh_token" = '\x3ce562aaf8a2ec15a66135b4232188f80a7a3b867e40c0d7240b',
"encrypted_refresh_token_iv" = '\xba1f4d519cc2671189ca843b'
WHERE
"atlassian_identities"."user_id" = 3
Explain
ModifyTable on public.atlassian_identities (cost=0.00..0.00 rows=0 width=0) (actual time=0.004..0.004 rows=0 loops=1)
I/O Timings: read=0.000 write=0.000
-> Seq Scan on public.atlassian_identities (cost=0.00..0.00 rows=1 width=150) (actual time=0.003..0.003 rows=0 loops=1)
Filter: (atlassian_identities.user_id = 3)
Rows Removed by Filter: 0
I/O Timings: read=0.000 write=0.000
Time: 0.471 ms
- planning: 0.416 ms
- execution: 0.055 ms
- I/O read: 0.000 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 0 from the buffer pool
- reads: 0 from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
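The refresh-if-needed behaviour and the three-field update described above, as a standalone Ruby sketch. This is an added example, not the code from this MR or from GitLab: `TokenRefresherSketch`, the `Identity` struct, the 300-second window, the injected `http_post` callable and the sample response are all assumptions made for illustration.

```ruby
# Hypothetical stand-in for the identity record (not GitLab's model).
Identity = Struct.new(:token, :refresh_token, :expires_at)

# Sketch only: class name, refresh window and client interface are assumptions.
class TokenRefresherSketch
  REFRESH_WINDOW = 300 # seconds before expiry at which to refresh (assumed)
  RefreshError = Class.new(StandardError)

  # http_post: callable that takes the request params and returns a parsed Hash.
  def initialize(identity, http_post:, clock: -> { Time.now.utc })
    @identity = identity
    @http_post = http_post
    @clock = clock
  end

  def needs_refresh?
    @identity.expires_at.nil? || @identity.expires_at - @clock.call <= REFRESH_WINDOW
  end

  # Returns nil when the token is still fresh, otherwise the updated identity.
  def refresh_if_needed!
    return unless needs_refresh?

    response = @http_post.call({ "grant_type" => "refresh_token",
                                 "refresh_token" => @identity.refresh_token })
    missing = %w[access_token refresh_token expires_in].reject { |key| response[key] }
    # Fail closed: a partial response must not overwrite the stored credentials.
    # The error names the missing keys only, never token values.
    raise RefreshError, "token response missing: #{missing.join(', ')}" unless missing.empty?

    # Replace all three fields together, mirroring the single update shown above.
    now = @clock.call
    @identity.token = response["access_token"]
    @identity.refresh_token = response["refresh_token"]
    @identity.expires_at = now + Integer(response["expires_in"])
    @identity
  end
end

# Constructed sample data: a fixed clock and a fake token endpoint.
NOW = Time.utc(2024, 8, 13, 11, 45, 30)
FAKE_ENDPOINT = lambda do |params|
  raise ArgumentError, "unexpected grant" unless params["grant_type"] == "refresh_token"

  { "access_token" => "new-access", "refresh_token" => "new-refresh", "expires_in" => 3600 }
end
```

Injecting the clock and the HTTP callable keeps the expiry check and the fail-closed path testable without contacting a real token endpoint.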