Solved

Client secret management in Python SDK

  • 16 January 2023
  • 4 replies
  • 101 views

Badge +1

We are currently exploring workflow development on top of CDF python SDK. The client secret is used in the workflow code in order to connect with CDF project instance. This client secret is bound to expire after predefined interval. It will incur production downtime and manual intervention in order to update the secret.

Can we have or do we have some concept similar to refresh tokens in CDF Python SDK.

icon

Best answer by Thomas Sjølshagen 23 January 2023, 07:48

View original

4 replies

Userlevel 4
Badge

Ardash,
I read 2 concerns here, One is refresh for a long running process and the other is secret rotation.  For long running processes with the Python SDK, it’s my understanding that the token will (should) be refreshed via the SDK. The secret you use for running the workflow should be managed (stored and rotated) externally as any other secrets.


Hope this helps :)
Jason

Userlevel 3

Hi @Adarsh Dhiman, and thank you for insight!

Can you not use a standard approach to managing the OAuth refresh_token in the environment, or is this a request for some way of automating the refresh process (asynchronously?), alternatively some SDK specific way of storing the refresh token for when it’s needed, outside of your own application/script/program?

Userlevel 3

Hi @Adarsh Dhiman, would you be able to add some more details here? :) 

Badge +1

Hi Carin & Thomas,

Thank you. The explanation provided by Jason has clarified my understanding. I will get in case of any additional questions.

Regards,

Adarsh

 

Reply