// if so, ensures that an api_client_authorizations row exists so that
// RailsAPI will accept it as an Arvados token.
func (ta *oidcTokenAuthorizer) registerToken(ctx context.Context, tok string) error {
- if strings.HasPrefix(tok, "v2/") {
+ if tok == ta.ctrl.Cluster.SystemRootToken || strings.HasPrefix(tok, "v2/") {
return nil
}
if cached, hit := ta.cache.Get(tok); !hit {
// cached negative result (value is expiry time)
if time.Now().Before(exp) {
return nil
- } else {
- ta.cache.Remove(tok)
}
+ ta.cache.Remove(tok)
} else {
// cached positive result
- aca := cached.(*arvados.APIClientAuthorization)
+ aca := cached.(arvados.APIClientAuthorization)
var expiring bool
if aca.ExpiresAt != "" {
t, err := time.Parse(time.RFC3339Nano, aca.ExpiresAt)