
Commit 6710f9f

committed
Address clarity and deduplication comments
Signed-off-by: Mike Cutsail <[email protected]>
1 parent 5a91eea commit 6710f9f


1 file changed

+5
-13
lines changed


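--- a/server/server.go
+++ b/server/server.go
@@ -1128,19 +1128,7 @@ func (server *ArgoCDServer) translateGrpcCookieHeader(ctx context.Context, w htt
 }
 
 func (server *ArgoCDServer) setTokenCookie(token string, w http.ResponseWriter) error {
-cookiePath := "path=/" + strings.TrimRight(strings.TrimLeft(server.BaseHRef, "/"), "/")
-flags := []string{cookiePath, "SameSite=lax", "httpOnly"}
-if !server.Insecure {
-flags = append(flags, "Secure")
-}
-cookies, err := httputil.MakeCookieMetadata(common.AuthCookieName, token, flags...)
-if err != nil {
-return fmt.Errorf("error creating cookie metadata: %w", err)
-}
-for _, cookie := range cookies {
-w.Header().Add("Set-Cookie", cookie)
-}
-return nil
+return httputil.SetTokenCookie(token, server.BaseHRef, !server.Insecure, w)
 }
 
 func withRootPath(handler http.Handler, a *ArgoCDServer) http.Handler {
@@ -1564,6 +1552,7 @@ func (server *ArgoCDServer) Authenticate(ctx context.Context) (context.Context,
 return ctx, nil
 }
 
+// getClaims extracts, validates and refreshes a JWT token from an incoming request context.
 func (server *ArgoCDServer) getClaims(ctx context.Context) (jwt.Claims, string, error) {
 md, ok := metadata.FromIncomingContext(ctx)
 if !ok {
@@ -1573,6 +1562,8 @@ func (server *ArgoCDServer) getClaims(ctx context.Context) (jwt.Claims, string,
 if tokenString == "" {
 return nil, "", ErrNoSession
 }
+// A valid argocd-issued token is automatically refreshed here prior to expiration.
+// OIDC tokens will be verified but will not be refreshed here.
 claims, newToken, err := server.sessionMgr.VerifyToken(ctx, tokenString)
 if err != nil {
 return claims, "", status.Errorf(codes.Unauthenticated, "invalid session: %v", err)
@@ -1585,6 +1576,7 @@ func (server *ArgoCDServer) getClaims(ctx context.Context) (jwt.Claims, string,
 return claims, "", status.Errorf(codes.Unauthenticated, "invalid session: %v", err)
 }
 finalClaims = updatedClaims
+// OIDC tokens are automatically refreshed here prior to expiration
 refreshedToken, err := server.ssoClientApp.CheckAndRefreshToken(ctx, updatedClaims, server.settings.OIDCRefreshTokenThreshold)
 if err != nil {
 log.Errorf("error checking and refreshing token: %v", err)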
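Review bot: In setTokenCookie, the new call `httputil.SetTokenCookie(token, server.BaseHRef, !server.Insecure, w)` passes the Secure decision as a bare positional boolean, and the attributes the removed lines set explicitly (`SameSite=lax`, `httpOnly`, the slash-trimmed `path=/...`) are no longer visible at this call site. The helper's body is not part of this section, so it cannot be confirmed from here that it still trims `BaseHRef` and emits the same flags; a test asserting the resulting `Set-Cookie` header values for both values of `server.Insecure` would pin that. A doc comment on the method would keep the contract readable where the cookie is issued, for example `// setTokenCookie writes the auth cookie via httputil.SetTokenCookie; the third argument requests the Secure attribute and is false only when server.Insecure is set.`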
