From c08c809a599036d7049499195571d6931aa93463 Mon Sep 17 00:00:00 2001
From: Dave Dykstra <2129743+DrDaveD@users.noreply.github.com>
Date: Thu, 13 Nov 2025 10:54:43 -0600
Subject: [PATCH] fix --showbearerurl in combination with --nobearertoken

---
 htgettoken.1                 | 4 +++-
 htgettoken.spec              | 3 +++
 htgettoken/__init__.py       | 2 +-
 tests/013-showbearerurl/main | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/htgettoken.1 b/htgettoken.1
index 456d5ab..82dbe60 100644
--- a/htgettoken.1
+++ b/htgettoken.1
@@ -234,7 +234,9 @@ need the rest of the
 functionality.
 .TP
 .B \-\-nobearertoken
-Skip getting a bearer token; only get a vault token.
+Skip getting a bearer token.  Always gets a vault token except in
+combination with 
+.BR \-\-showbearerurl .
 .TP
 .BR \-o\ path , \ \-\-out=path
 The path of the file used to store the bearer token on the local
diff --git a/htgettoken.spec b/htgettoken.spec
index 333e669..7139366 100644
--- a/htgettoken.spec
+++ b/htgettoken.spec
@@ -74,6 +74,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+# - Again fix --showbearerurl to work in combination with --nobearertoken.
+#   That was fixed in 1.17 but broken in 1.21 and 2.0.
+
 * Fri Jun 20 2025 Dave Dykstra <dwd@fnal.gov> 2.4-1
 - Add the new -s and -f options to the htdecodetoken usage summary.
 - Add a -v option to htdecodetoken to show the token source.
diff --git a/htgettoken/__init__.py b/htgettoken/__init__.py
index 79e87cd..11a06b0 100644
--- a/htgettoken/__init__.py
+++ b/htgettoken/__init__.py
@@ -816,7 +816,7 @@ def main(args=None):
                     response = {'auth' : {'client_token': vaulttoken}}
                     vaulttoken = getVaultToken(vaulttokensecs, response)
                     writeTokenSafely("vault", vaulttoken, vaulttokenfile)
-                elif options.nobearertoken:
+                elif options.nobearertoken and not options.showbearerurl:
                     # force getting a new vault token
                     tryget = False
                 elif vaulttokenminsecs > 0:
diff --git a/tests/013-showbearerurl/main b/tests/013-showbearerurl/main
index a2bb3a5..c07a67a 100644
--- a/tests/013-showbearerurl/main
+++ b/tests/013-showbearerurl/main
@@ -1,4 +1,4 @@
-URL="$(htgettoken --nooidc -a $VAULTSERVER -i $ISSUER --showbearerurl --nobearertoken)"
+URL="$(htgettoken --nooidc --nokerberos --nossh -a $VAULTSERVER -i $ISSUER --showbearerurl --nobearertoken)"
 
 if [ -z "$URL" ]; then
     echo "Nothing came from stdout!"