Use expired tokens with refresh tokens

lawrencegripper · Jul 17, 2018 · 68a3922 · 68a3922
1 parent fe4e024
commit 68a3922
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/azurerm/helpers/authentication/access_token.go b/azurerm/helpers/authentication/access_token.go
@@ -17,6 +17,8 @@ type AccessToken struct {
 }
 
 func findValidAccessTokenForTenant(tokens []cli.Token, tenantId string) (*AccessToken, error) {
+	mostRecentAccessToken := AccessToken{}
+	foundToken := false
 	for _, accessToken := range tokens {
 		token, err := accessToken.ToADALToken()
 		if err != nil {
@@ -28,11 +30,16 @@ func findValidAccessTokenForTenant(tokens []cli.Token, tenantId string) (*Access
 			return nil, fmt.Errorf("Error parsing expiration date: %q", accessToken.ExpiresOn)
 		}
 
-		if expirationDate.UTC().Before(time.Now().UTC()) {
-			log.Printf("[DEBUG] Token %q has expired", token.AccessToken)
+		if expirationDate.UTC().Before(time.Now().UTC()) && accessToken.RefreshToken == "" {
+			log.Printf("[DEBUG] Token %q has expired and it doens't have a refresh token", token.AccessToken)
 			continue
 		}
 
+		if mostRecentAccessToken.AccessToken != nil &&
+			expirationDate.UTC().After(mostRecentAccessToken.AccessToken.Expires()) {
+			log.Printf("[DEBUG] Token %q has later expiration date", token.AccessToken)
+		}
+
 		if !strings.Contains(accessToken.Resource, "management") {
 			log.Printf("[DEBUG] Resource %q isn't a management domain", accessToken.Resource)
 			continue
@@ -43,13 +50,15 @@ func findValidAccessTokenForTenant(tokens []cli.Token, tenantId string) (*Access
 			continue
 		}
 
-		validAccessToken := AccessToken{
+		mostRecentAccessToken = AccessToken{
 			ClientID:     accessToken.ClientID,
 			AccessToken:  &token,
 			IsCloudShell: accessToken.RefreshToken == "",
 		}
-		return &validAccessToken, nil
+		foundToken = true
+	}
+	if foundToken {
+		return &mostRecentAccessToken, nil
 	}
-
 	return nil, fmt.Errorf("No Access Token was found for the Tenant ID %q", tenantId)
 }