Discussions

Hi, I have followed the instructions at https://roserocket.readme.io/docs/getting-started and I am able to successfully query the API. However, I am finding that as I introduce this token to a distributed environment, I do not understand how it should be managed. In my initial implementation, I had every instance that needed access to the token retrieve it independently from the authentication endpoint, passing in the pre-configured credentials. As I scaled my architecture and began testing, I had several Lambdas querying Rose Rocket simultaneously. In order to do that, each one retrieved the credentials from a vault and queried the token endpoint to generate a new token.

Unfortunately, I began seeing errors like token has been invalidated or is invalid. Does refreshing the access token invalidate the previous ones? How can I manage this token in an asynchronous architecture where distributed environments all need access to the Rose Rocket API? I can't even manage the token centrally and rotate it safely because this action will cause some environments to break in the middle of their execution.

I would greatly appreciate your insight into this problem.

Thanks,
Max