mechiru / google-authz Goto Github PK

I am currently using version 1.0.0-alpha.5 of the google-authz crate.

It seems that the google-authz crate doesn't consider feature unification. When using Cargo workspaces, situations may arise where some crates utilize the tonic feature while others do not. In such cases, both crates end up with the tonic feature activated due to feature unification.

As a consequence, even crates that don't use the tonic feature are affected, and the enforce_https method becomes unusable. This contradicts the documentation's statement, "A consequence of this is that features should be additive." Essentially, the tonic feature in this context essentially means no_enforce_https.

I would like to inquire about the necessity of the enforce_https method. If possible, could it be considered for removal?

example: https://github.com/bouzuya/rust-examples/tree/0742fc0baa260f85319504e6df321dffb33ad0d7/google-authz2

auth::oauth2::Inner::poll_ready has a loop in which it seems the intent is that token-fetch errors are retried. When a fetch failure below the max_retry limit occurs, the loop state will be updated with a new Fetching value and fetcher future instance with this code:

However, because of the break Poll::Pending statement at the end of the block, the loop this macro is evaluated within is immediately exited. This means the new fetcher future never gets polled again by the macro, and in effect retries of the token-fetch won't happen.

The result is that an application using this library will see an info-level log message that the token-fetch failed ... but their future that ultimately invoked this library won't resolve to an error.