Skip to main content
Solved

Client secret management in Python SDK


Forum|alt.badge.img+1

We are currently exploring workflow development on top of CDF python SDK. The client secret is used in the workflow code in order to connect with CDF project instance. This client secret is bound to expire after predefined interval. It will incur production downtime and manual intervention in order to update the secret.

Can we have or do we have some concept similar to refresh tokens in CDF Python SDK.

Best answer by Thomas Sjølshagen

Hi @Adarsh Dhiman, and thank you for insight!

Can you not use a standard approach to managing the OAuth refresh_token in the environment, or is this a request for some way of automating the refresh process (asynchronously?), alternatively some SDK specific way of storing the refresh token for when it’s needed, outside of your own application/script/program?

View original
Did this topic help you find an answer to your question?

Forum|alt.badge.img

Ardash,
I read 2 concerns here, One is refresh for a long running process and the other is secret rotation.  For long running processes with the Python SDK, it’s my understanding that the token will (should) be refreshed via the SDK. The secret you use for running the workflow should be managed (stored and rotated) externally as any other secrets.


Hope this helps :)
Jason


Forum|alt.badge.img

Hi @Adarsh Dhiman, and thank you for insight!

Can you not use a standard approach to managing the OAuth refresh_token in the environment, or is this a request for some way of automating the refresh process (asynchronously?), alternatively some SDK specific way of storing the refresh token for when it’s needed, outside of your own application/script/program?


  • Seasoned Practitioner
  • February 2, 2023

Hi @Adarsh Dhiman, would you be able to add some more details here? :) 


Forum|alt.badge.img+1

Hi Carin & Thomas,

Thank you. The explanation provided by Jason has clarified my understanding. I will get in case of any additional questions.

Regards,

Adarsh

 


Reply


Cookie Policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie Settings