AUTH-3122 Verify that Access tokens are still valid in curl command

Before this change, the only sure fire way to make sure you had a valid
Access token was to run `cloudflared access login <your domain>`. That
was because that command would actually make a preflight request to ensure
that the edge considered that token valid. The most common reasons a token
was no longer valid was expiration and revocation. Expiration is easy to
check client side, but revocation can only be checked at the edge.

This change adds the same flow that cfd access login did to the curl command.
It will preflight the request with the token and ensure that the edge thinks
its valid before making the real request.
This commit is contained in:
James Royal 2023-04-17 10:42:50 -05:00
parent 5e212a6bf3
commit 171d4ac77c
1 changed files with 7 additions and 0 deletions

View File

@ -280,6 +280,13 @@ func curl(c *cli.Context) error {
if err != nil {
return err
}
// Verify that the existing token is still good; if not fetch a new one
if err := verifyTokenAtEdge(appURL, appInfo, c, log); err != nil {
log.Err(err).Msg("Could not verify token")
return err
}
tok, err := token.GetAppTokenIfExists(appInfo)
if err != nil || tok == "" {
if allowRequest {