Updating refreshed oidc token in config.local

Hi,

I have a DVC repo that is intended for storing data. I have a WebDAV remote. The authentication for the remote is done via oidc. I store the oidc token in the local.config file with

dvc remote modify --local hifis token oidc-token hifis_token

Now the problem is that the oidc token refreshes every 5 minutes. As far as I understand it, this setting is fixed by the Client, which provides the storage. If I do dvc push, this will sometimes take longer than 5 minutes, and accordingly the token is refreshed but not updated in the local.config file, and I get the error

unexpected error - received 401 (login failed): Client error ‘401 login failed’ for url …

Is there any solution to this? I guess I could have a script which always updates the local.config file in the background, but I don’t think this would solve the problem if the token is refreshed during a dvc operation like dvc push.

Thank you very much!

Best regards,
Matthias

Hi! Where is that token originally stored / updated?

I think the ideal solution is to make the WebDAV plugin read that token from its original place if it is standardized (it would require a feature request / PR on GH), similar to how regular integrations like AWS S3 do it (they can read aws cli credentials).

To guarantee that it’s not interrupted in the middle (dvc push), some retry with reauth might be needed; it’s a bit of a separate story. For now it can be imitated by some script outside, I guess.
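The outside script suggested above, as an added example that is not part of the original posts or of DVC: it pulls a fresh access token from oidc-agent before every attempt, stores it with the `dvc remote modify --local` command from the first post, and retries `dvc push` only when the failure text contains 401. Matching on the error text, and that a repeated `dvc push` only has the remaining files left to transfer, are assumptions; the account and remote names are passed in by the caller.

```python
import subprocess
import sys


def run_cmd(cmd):
    """Run a command and return (exit code, stdout, stderr) as text."""
    p = subprocess.run(cmd, capture_output=True, text=True)
    return p.returncode, p.stdout, p.stderr


def refresh_token(account, remote, run=run_cmd):
    """Ask oidc-agent for a current access token and store it for the remote."""
    rc, out, err = run(["oidc-token", account])
    token = out.strip()
    if rc != 0 or not token:
        raise RuntimeError("oidc-token failed: " + err.strip())
    # --local keeps the token in the untracked local config, not the shared one.
    rc, _, err = run(["dvc", "remote", "modify", "--local", remote, "token", token])
    if rc != 0:
        raise RuntimeError("dvc remote modify failed: " + err.strip())


def push_with_reauth(account, remote, max_attempts=5, run=run_cmd):
    """Push with a fresh token per attempt; retry only on 401. Returns attempts used."""
    for attempt in range(1, max_attempts + 1):
        refresh_token(account, remote, run)
        rc, out, err = run(["dvc", "push", "-r", remote])
        if rc == 0:
            return attempt
        # Assumption: an expired token shows up as "401" in dvc's output,
        # as in the error quoted in the first post.
        if "401" not in out + err:
            raise RuntimeError("dvc push failed: " + err.strip())
    raise RuntimeError("still unauthorized after %d attempts" % max_attempts)


if __name__ == "__main__":
    # Usage: python push_reauth.py <oidc-agent account> <dvc remote name>
    attempts = push_with_reauth(sys.argv[1], sys.argv[2])
    print("pushed after %d attempt(s)" % attempts)
```

The token still passes through the arguments of `dvc remote modify` and sits in plain text in the local config file, so keep that file readable only by your own user.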

Hi, thanks for your answer!

oidc-agent stores a refresh token in an encrypted way in some oidc-agent directory, like ~/.config/oidc-agent. oidc-agent reads it from there and is then used to generate access tokens which in my case refresh every five minutes. You can get the recent access token with

oidc-token "short name of account configuration"

Would there maybe be any way that DVC directly accesses the access token from this command instead of reading it from the local.config file?

I think then there won’t be any script needed; if DVC always has the recent token, there won’t be any interruptions.

Besides DVC, are you using any other tools to access the storage? Do they read the token automatically? Can you give an example? (I’m not an expert in WebDAV, and the question is how standard it is to use oidc-agent, in the sense that tools “understand” it automatically.)