-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating credentials not possible in initial connection loop of robust connection #619
Comments
I could also create a pull request with the solution I proposed if this approach would be ok. |
I expect something like this should work.
The docstring should probably be updated to mention |
oh, I misread the default of fail_fast to be False when it in fact is True. If you are using the default I'm not sure what is going on. |
We have exactly the same issue on one of our projects that use OAuth2 with tokens that have quite short lifespan (under 5 mins). I tried using Pseudo-code:
If we get disconnected from RMQ after token expired, reconnection keeps trying with an old token and we are perpetually stuck with this error:
It would be very nice if there was a callback that would be called before a reconnect attempt in order to get a new token. |
Update: I think I messed a few things up here and the error doesn't occur as described. As @Darsstar already mentioned there should be no issue on initial connect except for when the fail_fast parameter is explicitly set to false. However there is an old token / password being used in the following scenario, which I reproduced today:
This also poses an issue with update_secret, as this method can only be called while the client is actually connected to the broker. The current workaround is to update the url myself using the same line of code as in update_secret (but without updating it remotely) after a new valid token is fetched:
(Provided your robust connection is available under One solution could be to alter |
One more thing to clarify: The token is currently updated in an async loop in a certain interval that will always ensure that a fresh token is available. This is an alternate approach than the one mentioned by @Darsstar which works as well. Though I actually prefer the "lazy" way more as well. |
We are using the robust connection of aio-pika to connect to our AMQP broker using an OAuth2 token as the AMQP password which was retrieved beforehand. However we are running into an issue with the token itself expiring after a relatively short period of time (currently 15 minutes in our scenario).
When calling the connect_robust() method and the broker is not reachable by the next 15 minutes the token expires. This wouldn't be too much of a problem as a new token can easily be obtained, however since the connect_robust() function is still in its "initial connect loop" an update of the AMQP password using the new token is not possible. Even if the broker is reachable after the token expires, any subsequent connection attempt will never be successful since the token itself has expired and the AMQP broker will refuse any connection attempt.
This might be a rare condition, but if it does happen it will render the app instance unusable since it will never jump out of the connect_robust() function.
Would there be any way of allowing to update AMQP credentials while in the "initial connection loop"? I would think of some sort of a credentials retrieval function that may be passed down the function and which is called in each subsequent connection attempt made by the "initial connection loop". Or is there any other, possibly better way I cannot think about right now?
The text was updated successfully, but these errors were encountered: