Class: OpenAI::Auth::WorkloadIdentityAuth

Inherits:
Object
  • Object
show all
Defined in:
lib/openai/auth/workload_identity_auth.rb

Constant Summary collapse

SUBJECT_TOKEN_TYPES = 
{
  TokenType::JWT => "urn:ietf:params:oauth:token-type:jwt",
  TokenType::ID => "urn:ietf:params:oauth:token-type:id_token"
}.freeze
TOKEN_EXCHANGE_GRANT_TYPE = 
"urn:ietf:params:oauth:grant-type:token-exchange"
DEFAULT_TOKEN_EXCHANGE_URL = 
"https://auth.openai.com/oauth/token"
DEFAULT_REFRESH_BUFFER_SECONDS = 
1200

Instance Method Summary collapse

Constructor Details

#initialize(config, organization_id, token_exchange_url: DEFAULT_TOKEN_EXCHANGE_URL) ⇒ WorkloadIdentityAuth

Returns a new instance of WorkloadIdentityAuth.



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/openai/auth/workload_identity_auth.rb', line 15

def initialize(
  config,
  organization_id,
  token_exchange_url: DEFAULT_TOKEN_EXCHANGE_URL
)
  @config = config
  @organization_id = organization_id
  @token_exchange_url = URI(token_exchange_url)

  @cached_token = nil
  @cached_token_expires_at_monotonic = nil
  @cached_token_refresh_at_monotonic = nil
  @refreshing = false
  @mutex = Mutex.new
  @cond_var = ConditionVariable.new
end

Instance Method Details

#get_tokenObject 



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/openai/auth/workload_identity_auth.rb', line 32

def get_token
  @mutex.synchronize do
    @cond_var.wait(@mutex) while @refreshing && token_unusable?

    unless token_unusable? || needs_refresh?
      return @cached_token
    end

    if @refreshing
      @cond_var.wait(@mutex) while @refreshing
      token = @cached_token
      raise OpenAI::Errors::AuthenticationError, "Token refresh failed" if token_unusable?
      return token
    end

    @refreshing = true
  end

  perform_refresh
  @mutex.synchronize do
    raise OpenAI::Errors::AuthenticationError, "Token refresh failed" if token_unusable?
    @cached_token
  end
end

#invalidate_tokenObject 



57
58
59
60
61
62
63
 
# File 'lib/openai/auth/workload_identity_auth.rb', line 57

def invalidate_token
  @mutex.synchronize do
    @cached_token = nil
    @cached_token_expires_at_monotonic = nil
    @cached_token_refresh_at_monotonic = nil
  end
end