snvijaya commented on a change in pull request #1872: Hadoop 16890: Change in
expiry calculation for MSI token provider
URL: https://github.com/apache/hadoop/pull/1872#discussion_r386848787
##########
File path:
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/oauth2/AzureADAuthenticator.java
##########
@@ -408,17 +409,29 @@ private static AzureADToken
parseTokenFromStream(InputStream httpResponseStream)
if (fieldName.equals("access_token")) {
token.setAccessToken(fieldValue);
}
+
if (fieldName.equals("expires_in")) {
- expiryPeriod = Integer.parseInt(fieldValue);
+ expiryPeriodInSecs = Integer.parseInt(fieldValue);
+ }
+
+ if (fieldName.equals("expires_on")) {
+ expiresOnInSecs = Long.parseLong(fieldValue);
}
+
}
jp.nextToken();
}
jp.close();
- long expiry = System.currentTimeMillis();
- expiry = expiry + expiryPeriod * 1000L; // convert expiryPeriod to
milliseconds and add
- token.setExpiry(new Date(expiry));
- LOG.debug("AADToken: fetched token with expiry " +
token.getExpiry().toString());
+ if (expiresOnInSecs > -1) {
+ token.setExpiry(new Date(expiresOnInSecs * 1000));
+ } else {
+ long expiry = System.currentTimeMillis();
Review comment:
If expiresOnInSecs is supposed to be the field to rely on and has been
returned -1, why not error out in else ?
Why is it that we are defaulting to value in expires_in which is not
reliable ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
