Background

vet cloud commands interfact with SafeDep Cloud.
https://docs.safedep.io/cloud

The easiest way to get started is vet cloud quickstart. This does all the setup and finally obtains an access token and refresh token using which we can execute commands such as:

vet cloud key list, vet cloud whoami etc.

Once vet cloud auth is done, keys are stored in ~/.safedep/vet-auth.yml which is accessible to vet using its auth package functions.

Even though we store the refresh token, we do not leverage it to refresh the session after the access token (JWT) has timed out. This gives a poor user experience. The user have to do vet cloud login again to fetch an access token.

Requirements

Add support for

• Check if access token is expired (may be by calling whoami API)
• Leverage refresh token to fetch and store a new set of access and refresh token
• Continue using new tokens in any vet cloud command
• Fail if its not possible to refresh

As a user, the experience should be transparent. For example, I come back after 7 days and run:

vet cloud key list

The system should intelligently make a decision based on cloud_access_token_updated_at if it should check for expired access token. It should NOT check always otherwise all vet cloud commands will be slowed down.

If the access token is expired, executed the refresh token flow to update the tokens and then continue the existing flow of command execution