adam.robins.wtf / sower
Deployment and lifecycle management for Nix
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix: fall through to rekey when reauthentication fails with invalid client

When a garden has stored credentials but the OAuth client no longer
exists on the server, reauthentication fails. Previously this was a
hard error that left the garden retrying forever. Now it falls through
to the rekey flow, which can recover the garden's identity.

If the rekey also fails with garden_not_found (garden was deleted),
it falls through to fresh registration.

sow-157

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Adam C. Stephens 78028ee6 96049e7f

+34 -2
+34 -2
apps/garden/lib/garden/socket.ex
··· 197 197 } 198 198 when is_binary(token) and is_binary(private_key_pem) -> 199 199 if token_expired?(issued_at, expires_in) do 200 - try_reauthenticate(storage) 200 + try_reauthenticate_or_rekey(storage) 201 201 else 202 202 Logger.debug(msg: "Using stored Boruta access token") 203 203 {:ok, "boruta:#{token}"} ··· 208 208 private_key_pem: private_key_pem 209 209 } 210 210 when is_binary(client_id) and is_binary(private_key_pem) -> 211 - try_reauthenticate(storage) 211 + try_reauthenticate_or_rekey(storage) 212 212 213 213 %{garden_sid: garden_sid} when is_binary(garden_sid) -> 214 214 Logger.warning( ··· 222 222 try_http_registration(storage) 223 223 end 224 224 end 225 + 226 + defp try_reauthenticate_or_rekey(%{garden_sid: garden_sid} = storage) 227 + when is_binary(garden_sid) do 228 + case try_reauthenticate(storage) do 229 + {:ok, _} = ok -> 230 + ok 231 + 232 + {:error, reason} -> 233 + Logger.warning( 234 + msg: "Reauthentication failed, attempting rekey", 235 + garden_sid: garden_sid, 236 + reason: inspect(reason) 237 + ) 238 + 239 + try_http_rekey(storage) 240 + end 241 + end 242 + 243 + defp try_reauthenticate_or_rekey(storage), do: try_reauthenticate(storage) 225 244 226 245 defp token_expired?(issued_at, expires_in) 227 246 when is_integer(issued_at) and is_integer(expires_in) do ··· 296 315 Storage.write(storage) 297 316 {:error, {:token_request_failed, reason}} 298 317 end 318 + 319 + {:error, :garden_not_found} -> 320 + Logger.warning( 321 + msg: "Garden no longer exists on server, re-registering", 322 + garden_sid: storage.garden_sid 323 + ) 324 + 325 + storage = 326 + storage 327 + |> Map.delete(:garden_sid) 328 + |> Map.delete(:oauth_credentials) 329 + 330 + try_http_registration(storage) 299 331 300 332 {:error, reason} -> 301 333 Logger.error(