Yesterday the CircleCI CLI snap stopped auto publishing from our builds. Today I discovered that when creating an auth file with snapcraft export-login, it has a default expiration time of 1 year. This tripped me up a little bit.
Where should I document this information?
Will a PR to snapcraft updating the help text to include this work? Somewhere else?
@kyrofa at moment, even if one specifies a large expiration date on the root macaroon (dashboard), the discharge (from SSO) will limit it to one year validity:
i.e. expires only makes sense between now and now + 1y
Remembering the discharge will require daily auto-refreshes, which stop work if the SSO account password has changed or if the expiration date has elapsed.
@FelicianoTech there was a recent change in the macaroon generator endpoint to allow longer (or no) expiration time, but it depends on the permissions involved. The API documentation will be updated soon.
Briefly, some permissions, if used, will force limited expiration. They are: edit_account, modify_account_key, package_access, package_purchase, store_admin and store_review
In the case of default export-login permissions, package_access forces 1y expiration. If you specify a set of permissions not involving the ones mentioned above, you can obtain a macaroon with longer (or no) expiration, which seems to be your case.
Wanted to make a suggestion for a smaller change. I hit this with my token expiring today, but I found the error given back from the snap login was confusing - as a result it took me a good chunk of time to work out this was an issue with the token.
I got the error Error fetching account information from store: The request is missing an Authorization header field containing a valid macaroon
Would it be possible for the server to respond with something like Authorization token no longer valid, may have expired?
I think it that threw me was calling it a macaroon and having no reference to why it’s no longer valid, given I’d no idea the exported creds expired by default this was a double whammy.