What about keeping the token for future tap runs? ...
# singer-tap-development
a
What about keeping the token for future tap runs? Is it possible? That is, if I run meltano every 15 minutes, I do not need to receive a new token for each launch, I could use the token that I received earlier
a
@alex_dimov - In general, I think most implementations just take a new token. Specifically, there is no 'write back' capability for settings as of now in Meltano or in the Singer spec. Meaning, the tap gets a json pointing to it's settings, but there's no guarantee that the orchestrator (Meltano or another runner) will read back or preserve changes that the tap might apply to that json file. In the case of cloud-based execution, the next time the execution starts, it is likely to be on a different container entirely, and there are security implications of letting tap invocations change their future config and authentication parameters.
The only other options I'm aware of would be to store in
STATE
but that also could have some security concerns, since state artifacts are generally not themselves treated as secrets.
Perhaps others have experience or ideas in this area, but the general solution I've seen most often is to just (1) get a new token each time or (2) let the user collect it and maintain its lifecycle.
a
Thanks for the answer, I understood everything except the second option:
let the user collect it and maintain its lifecycle
Do you mean that the user himself receives a token every time and give us a valid one? Another option I thought about is getting a token from our server
a
Do you mean that the user himself receives a token every time and give us a valid one?
Another option I thought about is getting a token from our server
Yeah - this delegates the login-and-get-token process to the "user" (aka your own servers/processes), so it won't be ideal for most folks. But then you could manage the lifecycle of that token. That said, is there a reason you don't want to let the tap just get a new token each time?
a
At first, it seemed to me that it is always better to update an existing token (after all, we poll the APIs every 15 minutes) Secondly, we will pollute the user's logs (on some products, the receipt of a new token is registered - and if we do this every 15 minutes - the user will have 4 events every hour)