Authorization token getting expired by the time I make http request with RestApi Provider

[vkuma17]

data "ibm_iam_auth_token" "restapi" {
  
}
provider "restapi" {
  uri                  = "https://${local.base_endpoint}.${var.region}.secrets-manager.appdomain.cloud"
  write_returns_object = true
  debug                = true
  headers = {
    Authorization = data.ibm_iam_auth_token.restapi.iam_access_token
    Content-Type  = "application/merge-patch+json"
  }
}

I have this restapi provider and data block which fetches the token. I am getting an unauthorized 401 error because the http request using the resource block is made after 1 hour of run in terraform apply and by that time token gets expired. I am building an openshift cluster which usually takes more than an hour and after that step only restapi_object resource should run. I tried adding an explicit dependency on module.openshift in the data block to fetch the token but providers headers seem to initialise at the start and i still got the same error. Is there any way to handle this. Below is my restapi_object resource for reference.

resource "restapi_object" "delete_secret" {

  id_attribute   = "id"
  path           = "/api/v2/secrets/{id}"
  read_path      = "/api/v2/secrets/{id}"
  read_method    = "GET"
  create_method  = "PATCH"
  create_path    = "/api/v2/secrets/${local.secret_id}/metadata"
  destroy_method = "DELETE"
  destroy_path   = "/api/v2/secrets/{id}"
  data = jsonencode({})

}

[DRuggeri]

Hey there, @vkuma17 - I understand the issue, but I'm afraid there isn't a clean way to do what you describe. By the time the data gets to this provider, it's just a string - and we have no way to request a refreshed token through Terraform.

We do support Oauth2, though - so if your target API can support it, I believe the Oauth2 client will keep the token fresh and request new tokens as needed. Might be worth giving that a shot?