New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NIFI-11107 In ConsumeIMAP and ConsumePOP3 added support for OAUTH based authorization. #6900
Conversation
…ed authorization.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @tpalfy, LGTM!
Tested ConsumeIMAP with Office365 and it works as expected.
Thanks for your review and test @nandorsoma! |
The refresh authentication token is working? When my token is expired, a authenticate error is returned. |
@AnTu2702 The So according to this, token expiration is handled already. Do we have proof that this doesn't work for some reason? |
Yes, implement ConsumeImapProcessor with OAUTH2 and an associated oauth2AccessTokenProviderService. We startet a local debug with break points. Configured the ConsumeImapProcessor with Schedule "Cron-Based" every 5 minutes. onScheduled => triggered on enabling the Processor Every 5 minutes there is the onTriggered Method triggered and not the onScheduled. That is general for all Processors which use the AbstractEmailProcessor. |
In IMAP Processor buildUrl will be triggered on creation of new receiver.
And the buildMessageReceiver is requested here in AbstractEmailProcessor
This is called in onTrigger method of AbstractEmailProcessor, but the receiver still exists since start up, so buildUrl will never be requested again after enabling the ConsumeImapProcessor.
|
Hey @tpalfy. The |
I was able to build and deploy a local nifi-emal-nar-1.24.0.nar file... ...working fine with the patch! Remark: |
Thanks @AnTu2702 and @RomanOttGmx for the explanaion. As for your fix @AnTu2702 I'm a bit confused though. If we only refresh the token but don't rebuild the url I don't see how that would work. Yes, we have a fresh token but are we actually using it? |
@tpalfy You are absolutely right. I just tested the refresh mechanism [OK] (and did not wait the 3600 s until the first access token really expired [NOK]) with my intended fix that morning. So the refreshed token nonetheless needs to be considered by the processor accessing the IMAP server! Seems, that the real fix needs to be a bit different... involving |
@tpalfy @RomanOttGmx It is a bit ugly, because the What do you think? |
@AnTu2702 Not sure about this new approach. Not trivial as it would require some refactoring but I think it could be worth it. |
@tpalfy How about a quick bugfix for https://issues.apache.org/jira/browse/NIFI-12859 using this new approach for NIFI 1.26 and then refactoring it afterwards? We really really depend on having that fixed in the next couple of weeks. 😕 |
@AnTu2702 I think I can add a not too complicated change that only recreates the Since there are connections involved and given the fact that onTriggers can be called very frequently, it's better to have it like this right away. |
Hm... Sorry, but I have doubts about this... @tpalfy Our access tokens e.g. are valid for 60 minutes only. So an authentication exception should IMHO never be intended to occur at all... ... But simply to have a quickfix für NIFI 1.26 still better than nothing. ;-) |
Okay, that's fair. I have a PR up with my proposed changes here: #8494 In it's first state it only recreates the mail receiver if an error is encountered. I'm going to update it by keeping the first commit, adding a revert commit and adding a new one that checks if the token has been refreshed. So both approach can be checked. |
@tpalfy Hey. How are you? First of all: Thanks for the fix/workaround in NIFI 1.26. The ConsumeIMAP Processor is continuously logging this ERROR... We still have serious doubts to take this into production because of the log being spammed and of course the fact, that we have no clue, what causes this error. Could you help and double check your fix/workaround? |
Summary
NIFI-11107
Tracking
Please complete the following tracking steps prior to pull request creation.
Issue Tracking
Pull Request Tracking
NIFI-00000
NIFI-00000
Pull Request Formatting
main
branchVerification
Please indicate the verification steps performed prior to pull request creation.
Build
mvn clean install -P contrib-check
Licensing
LICENSE
andNOTICE
filesDocumentation