Implement JWT refresh endpoint #784

Closed
truedat101 opened this issue Mar 6, 2023 · 3 comments

@truedat101

In our use of 6.14.1 arangojs, we have something like this snippet below. We notice that over time, eventually our connection starts getting 401 auth errors on all requests, embedded in some nestjs nasty error dump: not authorized to execute this request {"code":401,"errorNum":11,"isArangoError":true ......

This happens at exactly 30 days from the last server reboot. The problem appears to be that the session JWT token expires as it relates to the DB auth. While that is not a lost cause, it is clearly a problem in the app hanging on to the connections and not closing them as they are finished, or not having a way to refresh the token on a sane interval (my preferred approach), or having some fallback logic to restore a connection. I'll go about figuring out the third option. That said, what is the recommended practice with this driver? I am using NestJS and there really aren't any active / strong database provider integrations unfortunately that are active and our own is a variant of a version from some years ago. Is there any possibility that a new driver version handles this behavior differently?

Any advice will help.

```js
const config = {
  url: env.dbUrl,
  maxRetries: 25,
  precaptureStackTraces: true
};
const db = new Database(config);
db.login(env.dbUser, env.dbPass);
db.useDatabase(env.dbName);
```

@pluma4345
Member

This is a limitation of using db.login at the moment, yes. Please note that if you have the username and password, you can alternatively use db.useBasicAuth instead of using JWT based authentication.

Also note that your code contains a bug: db.login is asynchronous and returns a promise which you need to await. On the other hand db.useBasicAuth is synchronous and merely changes the configuration of the driver. Additionally useDatabase is deprecated. You should pass the database name as part of the configuration (you can also pass the username/password as part of the configuration btw): https://arangodb.github.io/arangojs/devel/types/connection.Config.html

@pluma4345
Member

There seems to be a refresh endpoint the frontend also uses. With JWT expiration now being much lower than in older versions of ArangoDB, we should probably support that.

@pluma4345 changed the title from "JWT auth duration / expiry on db.login(), and token refresh" to "Implement JWT refresh endpoint" on Apr 26, 2023
@pluma4345 added the "Feature Request" label (Request for new functionality to be added to the driver.) on Apr 26, 2023
@pluma4345 self-assigned this on Apr 26, 2023

@truedat101
Author

Thank you - fix applied. Working successfully.
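
For an application that stays on db.login, one way to avoid the expiry described in this issue is to read the token's exp claim and log in again shortly before it lapses, with a single retry on a 401. This is an added example, not arangojs code and not posted by anyone in this thread; jwtExpiry, createTokenKeeper, sampleJwt and the login callback are hypothetical names, and it assumes the login call resolves to the JWT string.

```javascript
// Added example, not arangojs code. `login` is an assumed caller-supplied async
// function that resolves to a JWT string, e.g. () => db.login(user, pass).

// Read `exp` (seconds since epoch) from a compact JWT. The signature is not
// verified here: the client only schedules a refresh, the server validates.
function jwtExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof payload.exp !== "number") throw new Error("JWT has no exp claim");
  return payload.exp;
}

function createTokenKeeper(login, { skewSeconds = 60, now = () => Date.now() / 1000 } = {}) {
  let token = null;
  let exp = 0;
  let pending = null; // shared by concurrent callers so only one login runs

  function refresh() {
    if (!pending) {
      pending = Promise.resolve()
        .then(() => login())
        .then((t) => { exp = jwtExpiry(t); token = t; return t; })
        .finally(() => { pending = null; });
    }
    return pending;
  }

  // Resolves to a token that stays valid for at least skewSeconds.
  async function getToken() {
    if (token === null || now() >= exp - skewSeconds) return refresh();
    return token;
  }

  // Runs request(token); on a 401 (the `code` in the error dump above)
  // re-authenticates once and retries, other errors propagate unchanged.
  async function withAuth(request) {
    const t = await getToken();
    try {
      return await request(t);
    } catch (err) {
      if (!err || err.code !== 401) throw err;
      return request(await refresh());
    }
  }
  return { getToken, withAuth };
}

// Constructed sample token (placeholder signature) for trying the keeper out.
const sampleJwt = (exp) => ['{"alg":"HS256"}', JSON.stringify({ exp }), "sig"]
  .map((s) => Buffer.from(s).toString("base64url")).join(".");
```

The skew keeps a request from leaving with a token that expires in flight, and the shared pending promise prevents a burst of requests from triggering a burst of logins.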
