User token sometimes does not have expected agent ACL


Given I am a user
Given I have an agent associated
Given wazo-auth service token has expired
When I create a token for myself
Then I don't have the `agentd` ACLs

Expected: I have the `agentd` ACLs

Technical details:

  • wazo-auth has bound database session with HTTP session

  • wazo-auth does not use HTTP session to create its own token

  • when wazo-auth tries to renew its own token, it does it within the first POST HTTP session and does not commit before the end of the first HTTP session


  • Add /users/me/… endpoints in wazo-agentd and remove fetching data from wazo-auth to wazo-confd, so that wazo-auth does not need a token

  • Commit the new token before actually using it

  • Use free-form metadata on users, so that tokens ACL templates can be filled with other arbitrary data, without having a predefined list fetched in wazo-confd.



Pascal Cadotte


Sébastien Duthil




François Blackburn