Token refresh fails after a few days #118
Comments
simongottschlag
changed the title
This was referenced Apr 4, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue reported where the azad-kube-proxy had been running for 17 days, sync ticker seemed to work fine but user group extraction seemed not to work. After restarting the pod, it started working again.
The following error could be seen: (a lot earlier than the problem though)
{"level":"error","ts":1615846556.7367725,"caller":"azure/user.go:29","msg":"Unable to get Azure AD groups for user","objectID":"<uuid>","responseCode":401,"error":"unexpected status 401 with OData error: Authentication_ExpiredToken: Your access token has expired. Please renew it before submitting the request.","stacktrace":"github.com/xenitab/azad-kube-proxy/pkg/azure.(*user).getGroups\n\t/workspace/pkg/azure/user.go:29\ngithub.com/xenitab/azad-kube-proxy/pkg/azure.(*Client).GetUserGroups\n\t/workspace/pkg/azure/azure.go:92\ngithub.com/xenitab/azad-kube-proxy/pkg/user.(*Client).GetUser\n\t/workspace/pkg/user/user.go:40\ngithub.com/xenitab/azad-kube-proxy/pkg/handlers.(*Client).AzadKubeProxyHandler.func1\n\t/workspace/pkg/handlers/handlers.go:153\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/go/pkg/mod/github.com/rs/cors@v1.7.0/cors.go:219\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/xenitab/azad-kube-proxy/pkg/cors.(*Client).Middleware.func1\n\t/workspace/pkg/cors/cors.go:64\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/xenitab/azad-kube-proxy/pkg/dashboard.(*k8dashClient).preAuth.func1\n\t/workspace/pkg/dashboard/k8dash.go:125\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/gorilla/mux@v1.8.0/mux.go:210\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2887\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1952"} {"level":"error","ts":1615846556.7369082,"caller":"handlers/handlers.go:155","msg":"Unable to get user","error":"unexpected status 401 with OData error: Authentication_ExpiredToken: Your access token has expired. Please renew it before submitting the request.","stacktrace":"github.com/xenitab/azad-kube-proxy/pkg/handlers.(*Client).AzadKubeProxyHandler.func1\n\t/workspace/pkg/handlers/handlers.go:155\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/go/pkg/mod/github.com/rs/cors@v1.7.0/cors.go:219\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/xenitab/azad-kube-proxy/pkg/cors.(*Client).Middleware.func1\n\t/workspace/pkg/cors/cors.go:64\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/xenitab/azad-kube-proxy/pkg/dashboard.(*k8dashClient).preAuth.func1\n\t/workspace/pkg/dashboard/k8dash.go:125\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/gorilla/mux@v1.8.0/mux.go:210\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2887\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1952"}The text was updated successfully, but these errors were encountered: