Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow developer token, update documentation #239

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

allow developer token, update documentation #239

wants to merge 2 commits into from

Conversation

danielruss
Copy link

I would like to modify the api (backwards compatible) to allow the user to pass a developer token to box_auth.

@danielruss danielruss mentioned this pull request Mar 17, 2023
Open
@nathancday
Copy link
Member

Very cool work to figure out the developer token work around with the current functions.

I think there are some edge cases to consider in the code.Two that jump out are:

  1. What happens when either client_id or client_secret are still NULL (e.g. all you ever use is a developer token)? I think you would error our and never get to the dev token logic.
  2. It's safest to move the new argument to the end of the named arguments, just in case anyone was using positional order and passing unnamed parameter in before this patch.

I'd also like to figure out a way to get this auth logic under the purrr::insensintly() call too, b/c retrying failed calls is a nice to have. We may want to make this a separate auth function too, its a lot simpler when its just dev token OR not, like we could probably always skip the cacheing attempts for developer tokens because the are short lived.

Thanks for contributing this fix, I'm sure it will help a lot of folks in similar cloud situations. Let me think about the PR a bit more before we make any code changes, I think the moving pieces are captured well now.

@danielruss
Copy link
Author

  1. You still need the client ID/secret. You cannot create a box developer token if you dont have a box app with a CID/secret.
  2. Good point. I'll be happy to swap the order. I'm not sure how to update the PR, but I'll figure it out.

We could wrap the token create with insistently, but I don't think we are making an API call. One thing I want to make sure is that the developer token is not written to ~/.boxr-auth (the life span is to short to bother. So far it appears not to do that, but a second set of eyes is also good.

@nathancday
Copy link
Member

nathancday commented Mar 17, 2023 via email

@danielruss
Copy link
Author

yes, the developer token is a bearer token. The code create an httr::oauth2.o token from the bearer token.

@danielruss
allow developer token, update documentation
7e17015 
changed order of developer_token in box_auth
@danielruss
Copy link
Author

order of parameters changed...

@nathancday
Copy link
Member

@ijlyttle this still feels useful to me and I can't see how it would break existing code, is this on your radar for reviewing/merging?

Looking at this again today, I think we could do this all by adding an example to the docs for box_auth() showing how to pass the suggested credentials=my-dev-token via the ... and skip the function level change altogether...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danielruss @nathancday