Skip to content

Latest commit

 

History

History
52 lines (38 loc) · 1.12 KB

README.md

File metadata and controls

52 lines (38 loc) · 1.12 KB

OAuth-refresher

OAuth-refresher is a Kubernetes native background process that automatically updates OAuth 2.0 tokens before they expire.

The ambition is to enable dumb OAuth clients by offloading the token renewal.

Usage

With a secret like this:

apiVersion: v1
kind: Secret
metadata:
  name: my-token
  labels:
    dj-kubelet.com/oauth-refresher: spotify
type: Opaque
data:
  access_token: aGVsbG8K
  refresh_token: d29ybGQK

You'd run oauth-refresher with a matching labelKey to have it refresh the token every 10 minutes.

./oauth-refresher --labelKey=dj-kubelet.com/oauth-refresher --refreshInterval=600

Configuration of the OAuth 2.0 client is passed with environment variables.

AUTH_URL=https://accounts.spotify.com/authorize
TOKEN_URL=https://accounts.spotify.com/api/token
CLIENT_ID=aaa
CLIENT_SECRET=aaa

Deploy

# Build image
docker build -t oauth-refresher .

# Load image to kind nodes
kind load docker-image --name dj-kubelet oauth-refresher

# Create namespace and apply kustomized deployment
kubectl create namespace oauth-refresher
kubectl apply -k ./development