remove refresh_url from config response when device flow is not supported

Author: nkottary

docs/auth-flows.md

@@ -96,12 +96,11 @@ For a valid implementation of the configuration endpoint, the package server:
 1. MUST always return a `200` HTTP status code.
 2. The response body MUST be a valid JSON object (i.e. `{...}`)
 
-If the response is invalid (non-`200` code or an invalid JSON object), PkgAuthentication will assume that the server only supports the _Classic Authentication Flow, and proceed accordingly.
+If the response is invalid (non-`200` code or an invalid JSON object), PkgAuthentication will assume that the server only supports the Classic Authentication Flow, and proceed accordingly.
 
 ```json
 {
-  "device_flow_supported": false,
-  "refresh_url": "https://juliahub.com/auth/renew/token.toml/v2/"
+  "device_flow_supported": false
 }
 ```
 

src/PkgAuthentication.jl

@@ -210,7 +210,6 @@ function get_auth_configuration(state::NoAuthentication)
 
     def_resp = Dict{String, Any}(
         "device_flow_supported" => false,
-        "refresh_url" => "$(state.server)/$(auth_suffix)/renew/token.toml/v2/"
     )
 
     if response isa Downloads.Response && response.status == 200
@@ -225,8 +224,7 @@ function get_auth_configuration(state::NoAuthentication)
 
         if body !== nothing
 	    @assert haskey(body, "device_flow_supported")
-	    @assert haskey(body, "refresh_url")
-	    @assert (body["device_flow_supported"] && haskey(body, "device_authorization_endpoint") && haskey(body, "token_endpoint")) || !body["device_flow_supported"]
+	    @assert (body["device_flow_supported"] && haskey(body, "device_authorization_endpoint") && haskey(body, "token_endpoint") && haskey(body, "refresh_url")) || !body["device_flow_supported"]
             return body
         end
     end
@@ -242,7 +240,7 @@ function step(state::NoAuthentication)::Union{RequestLogin, Failure}
         initiate_browser_challenge(state)
     end
     if success
-        return RequestLogin(state.server, state.auth_suffix, challenge, body_or_response, get(auth_config, "token_endpoint", ""), auth_config["refresh_url"])
+        return RequestLogin(state.server, state.auth_suffix, challenge, body_or_response, get(auth_config, "token_endpoint", ""), get(auth_config, "refresh_url", ""))
     else
         return HttpError(body_or_response)
     end
@@ -520,7 +518,6 @@ function step(state::ClaimToken)::Union{ClaimToken, HasNewToken, Failure}
         body = JSON.parse(String(take!(output)))
         body["expires"] = body["expires_in"] + Int(floor(time()))
         body["expires_at"] = body["expires"]
-	@info("Setting refresh url to ", state.refresh_url)
         body["refresh_url"] = state.refresh_url
         return HasNewToken(state.server, body)
     elseif response isa Downloads.Response && response.status in [401, 400] && is_device

test/authserver.jl

@@ -117,8 +117,7 @@ function auth_configuration(req)
         return HTTP.Response(
             200,
             """ {
-                "device_flow_supported": false,
-                "refresh_url": "http://localhost:$PORT/auth/renew/token.toml/v2/"
+                "device_flow_supported": false
             } """,
         )
     else