fix the refresh token issue (IBM-Cloud#6489)

hkantare · web-flow · commit 6acc611f561c · 2025-10-01T08:42:36.000+05:30
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/IBM-Cloud/terraform-provider-ibm
 go 1.24.2
 
 require (
-	github.com/IBM-Cloud/bluemix-go v0.0.0-20250926123547-63b728a65b05
+	github.com/IBM-Cloud/bluemix-go v0.0.0-20251001005609-37dbcddbe871
 	github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113
 	github.com/IBM-Cloud/power-go-client v1.13.0
 	github.com/IBM/appconfiguration-go-admin-sdk v0.5.1
diff --git a/go.sum b/go.sum
@@ -89,8 +89,8 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/IBM-Cloud/bluemix-go v0.0.0-20250926123547-63b728a65b05 h1:5M3cNzIxuEWBQaOHUGIhhmUWJMtnw1cpZEtyMR1eImw=
-github.com/IBM-Cloud/bluemix-go v0.0.0-20250926123547-63b728a65b05/go.mod h1:lU1/3aolIs4y062yTTokFEiIEssAZqqjdj/5qvkBeq8=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20251001005609-37dbcddbe871 h1:0NrvGUWBoGxPZj73Az6y7ITMcGEitZf2lRvXlzCYRgs=
+github.com/IBM-Cloud/bluemix-go v0.0.0-20251001005609-37dbcddbe871/go.mod h1:lU1/3aolIs4y062yTTokFEiIEssAZqqjdj/5qvkBeq8=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113 h1:f2Erqfea1dKpaTFagTJM6W/wnD3JGq/Vn9URh8nuRwk=
 github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113/go.mod h1:xUQL9SGAjoZFd4GNjrjjtEpjpkgU7RFXRyHesbKTjiY=
 github.com/IBM-Cloud/power-go-client v1.13.0 h1:TqxPlkJe0VkNdV9hYOD5NRepxEFhhyKXWXfg22x2zhU=
diff --git a/ibm/conns/config.go b/ibm/conns/config.go
@@ -1548,7 +1548,7 @@ func (c *Config) ClientSession() (interface{}, error) {
 		kpurl = fileFallBack(fileMap, c.Visibility, "IBMCLOUD_KP_API_ENDPOINT", c.Region, kpurl)
 	}
 	var options kp.ClientConfig
-	if c.BluemixAPIKey != "" {
+	if (c.BluemixAPIKey != "") && (c.IAMTrustedProfileID == "" && c.IAMTrustedProfileName == "") {
 		options = kp.ClientConfig{
 			BaseURL: EnvFallBack([]string{"IBMCLOUD_KP_API_ENDPOINT"}, kpurl),
 			APIKey:  sess.BluemixSession.Config.BluemixAPIKey, // pragma: allowlist secret
@@ -1591,7 +1591,7 @@ func (c *Config) ClientSession() (interface{}, error) {
 		kmsurl = fileFallBack(fileMap, c.Visibility, "IBMCLOUD_KP_API_ENDPOINT", c.Region, kmsurl)
 	}
 	var kmsOptions kp.ClientConfig
-	if c.BluemixAPIKey != "" {
+	if (c.BluemixAPIKey != "") && (c.IAMTrustedProfileID == "" && c.IAMTrustedProfileName == "") {
 		kmsOptions = kp.ClientConfig{
 			BaseURL: EnvFallBack([]string{"IBMCLOUD_KP_API_ENDPOINT"}, kmsurl),
 			APIKey:  sess.BluemixSession.Config.BluemixAPIKey, // pragma: allowlist secret
@@ -1621,6 +1621,7 @@ func (c *Config) ClientSession() (interface{}, error) {
 			authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
 				SetApiKey(c.BluemixAPIKey).
 				SetIAMProfileID(c.IAMTrustedProfileID).
+				SetURL(EnvFallBack([]string{"IBMCLOUD_IAM_API_ENDPOINT"}, iamURL)).
 				Build()
 			if err != nil {
 				log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder. Error: %s", err)
@@ -1630,6 +1631,7 @@ func (c *Config) ClientSession() (interface{}, error) {
 				SetApiKey(c.BluemixAPIKey).
 				SetIAMProfileName(c.IAMTrustedProfileName).
 				SetIAMAccountID(c.Account).
+				SetURL(EnvFallBack([]string{"IBMCLOUD_IAM_API_ENDPOINT"}, iamURL)).
 				Build()
 			if err != nil {
 				log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder with trusted profile name. Error: %s", err)
@@ -3785,6 +3787,7 @@ func newSession(c *Config) (*Session, error) {
 	iamURL := EnvFallBack([]string{"IBMCLOUD_IAM_API_ENDPOINT"}, IAMURL)
 	if (c.BluemixAPIKey != "") && (c.IAMTrustedProfileID != "" || c.IAMTrustedProfileName != "") {
 		if c.IAMTrustedProfileID != "" {
+			log.Println("Configuring Session with Trusted Profile ID")
 			authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
 				SetApiKey(c.BluemixAPIKey).
 				SetIAMProfileID(c.IAMTrustedProfileID).
@@ -3794,6 +3797,7 @@ func newSession(c *Config) (*Session, error) {
 				log.Fatalf("Error in authenticating using NewIamAssumeAuthenticatorBuilder. Error: %s", err)
 			}
 		} else {
+			log.Println("Configuring Session with Trusted Profile Name")
 			authenticator, err = core.NewIamAssumeAuthenticatorBuilder().
 				SetApiKey(c.BluemixAPIKey).
 				SetIAMProfileName(c.IAMTrustedProfileName).
@@ -3806,12 +3810,16 @@ func newSession(c *Config) (*Session, error) {
 		}
 	} else if c.BluemixAPIKey != "" || c.IAMRefreshToken != "" {
 		if c.BluemixAPIKey != "" {
+			log.Println("Configuring Session with API Key")
 			authenticator = &core.IamAuthenticator{
-				ApiKey: c.BluemixAPIKey,
-				URL:    iamURL,
+				ApiKey:       c.BluemixAPIKey,
+				URL:          iamURL,
+				ClientId:     "bx",
+				ClientSecret: "bx",
 			}
 		} else {
 			// Construct the IamAuthenticator with the IAM refresh token.
+			log.Println("Configuring Session with refresh token")
 			authenticator = &core.IamAuthenticator{
 				RefreshToken: c.IAMRefreshToken,
 				ClientId:     "bx",
@@ -3820,10 +3828,12 @@ func newSession(c *Config) (*Session, error) {
 			}
 		}
 	} else if strings.HasPrefix(c.IAMToken, "Bearer") {
+		log.Println("Configuring Session with access token")
 		authenticator = &core.BearerTokenAuthenticator{
 			BearerToken: c.IAMToken[7:],
 		}
 	} else {
+		log.Println("Configuring Session with access token")
 		authenticator = &core.BearerTokenAuthenticator{
 			BearerToken: c.IAMToken,
 		}
@@ -3950,7 +3960,7 @@ func RefreshToken(sess *bxsession.Session) error {
 	if err != nil {
 		return err
 	}
-	_, err = tokenRefresher.RefreshToken()
+	err = tokenRefresher.FetchAuthorizationData(config.Authenticator)
 	return err
 }
 
