I set out with the goal of just running something 'login-images 30m' and having it force me to log in (in --headless mode) to each of the configured endpoints, and then running it again would refresh the token, or force me to auth again if i had to in able to ensure 30m of peace.
When refresh tokens are correctly working, the end goal would be to run this on ssh login with a value of something like '4h' (4 hours) and then start a timer of some sort that just kept refreshing in the background.
This is what I have right now.
-
login-images -c/--check will show status
$ login-images -c console-api.enforce.dev - 0m apk.cgr.dev - 0m cgr.dev - 48m
-
login-images without args will login to the audience provided or the builtin list
Below, the was good for 58 minutes so it did not force a new login. The other two sites needed login.
$ login-images console-api.enforce.dev had 0m wanted 30m Authenticating... Enter the verification code MZDD-XVMP in your browser at: https://auth.chainguard.dev/activate Code will be valid for 900 seconds Token received! Successfully exchanged token. Valid! Id: aa4458f1e77704575053c079c9b3b6db8bb47642 console-api.enforce.dev - good for 59m apk.cgr.dev had 0m wanted 30m Authenticating... Enter the verification code QCDR-XFWJ in your browser at: https://auth.chainguard.dev/activate Code will be valid for 900 seconds Token received! Successfully exchanged token. Valid! Id: aa4458f1e77704575053c079c9b3b6db8bb47642 apk.cgr.dev - good for 60m cgr.dev - good for 58m
- Refresh tokens basically can't be used here, at least with
--headless
(mono/#18280) and they don't get listed in status (mono/#18279).