You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm interesting in building a Consumer for an API that requires a Bearer token in the Authorization header in all but one endpoint. The same API also exposes an /access-token endpoint where you can exchange your refresh token for an access token.
Suppose the API endpoints are something like this:
POST /access-token
GET /api/widgets
POST /api/widgets
GET /api/widgets/:id
PUT /api/widgets/:id
DELETE /api/widgets/:id
Pretty standard RESTful API. All of the Widgets resource endpoints require a Bearer Token that can be obtained from the Access Token endpoint.
The Retrofit documentation talks about using a DelegatingHandler to implement that functionality. I'm not sure what the Uplink equivalent might be.
To add some additional context, this Consumer would be used in a CLI program, and I'm currently caching the access token externally in a secrets vault, like macOS Keychain. That makes the access token available not just across requests, but also across invocations of the CLI.
So I guess what I'm looking for is a way to annotate "this method requires an access token, and here's the method to call to obtain it dynamically". Ideally, I could annotate that on the class and not every method, and then have one annotation on the /access-token endpoint that says "skip access token authentication".
My best guess right now is that the /access-token endpoint should not be a part of my Consumer class, and would have to be implemented elsewhere. But that isn't entirely correct, since the /access-token endpoint is part of this API. Thoughts? Ideas?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I'm interesting in building a Consumer for an API that requires a Bearer token in the
Authorizationheader in all but one endpoint. The same API also exposes an/access-tokenendpoint where you can exchange your refresh token for an access token.Suppose the API endpoints are something like this:
POST /access-tokenGET /api/widgetsPOST /api/widgetsGET /api/widgets/:idPUT /api/widgets/:idDELETE /api/widgets/:idPretty standard RESTful API. All of the Widgets resource endpoints require a Bearer Token that can be obtained from the Access Token endpoint.
The Retrofit documentation talks about using a DelegatingHandler to implement that functionality. I'm not sure what the Uplink equivalent might be.
To add some additional context, this Consumer would be used in a CLI program, and I'm currently caching the access token externally in a secrets vault, like macOS Keychain. That makes the access token available not just across requests, but also across invocations of the CLI.
So I guess what I'm looking for is a way to annotate "this method requires an access token, and here's the method to call to obtain it dynamically". Ideally, I could annotate that on the class and not every method, and then have one annotation on the
/access-tokenendpoint that says "skip access token authentication".My best guess right now is that the
/access-tokenendpoint should not be a part of my Consumer class, and would have to be implemented elsewhere. But that isn't entirely correct, since the/access-tokenendpoint is part of this API. Thoughts? Ideas?Beta Was this translation helpful? Give feedback.
All reactions