Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid Auth Token when auth token is expired after 12h #177

Open
hanswurscht opened this issue Aug 18, 2022 · 2 comments
Open

Invalid Auth Token when auth token is expired after 12h #177

hanswurscht opened this issue Aug 18, 2022 · 2 comments

Comments

@hanswurscht
Copy link

hanswurscht commented Aug 18, 2022
edited

Hi,

we are using cloudfoundry-client==1.30.0.

Our code is part of a servicebroker with the openbrokerapi framework.
We are trying to access the cf api with a client_id and a client_secret.

Our code is as follows in the constructor:

self._client = CloudFoundryClient(url, verify=cacert_path, client_id=client_id, client_secret=client_secret)
self._client.init_with_client_credentials()

to access one result we later use:

app_guid_response = self._client.v3.apps.get(app_guid)

If the login with init_with_client_credentials() is more than 12h ago, the token expires and accessing the api fails with:

2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [OUT] {"message": "GET: url=https://our.cf.api/v3/service_credential_bindings/9f103727-baab-464f-887e-f28d084119c0 - status_code=401 - vcap-request-id=e395a697-22ba-495c-9213-1667df377148::edc717be-bcd4-4f8a-b8eb-65ded1283297 - response={\n \"errors\": [\n {\n \"detail\": \"Invalid Auth Token\",\n \"title\": \"CF-InvalidAuthToken\",\n \"code\": 1000\n }\n ]\n}", "time": "2022-08-18T06:20:42.746518"} 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] DEBUG:cloudfoundry_client.client:GET: url=https://our.cf.api/v3/service_credential_bindings/9f103727-baab-464f-887e-f28d084119c0 - status_code=401 - vcap-request-id=e395a697-22ba-495c-9213-1667df377148::edc717be-bcd4-4f8a-b8eb-65ded1283297 - response={ 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "errors": [ 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] { 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "detail": "Invalid Auth Token", 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "title": "CF-InvalidAuthToken", 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "code": 1000 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] } 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] ] 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] }

The stacktrace is part of some more elements, here are the parts from cloudfoundry-client:

2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] service_binding_response = self._client.v3.service_credential_bindings.get(service_binding_guid) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/v3/entities.py", line 238, in get 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] return self._get(requested_path, **kwargs) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/v3/entities.py", line 133, in _get 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] response = self.client.get(url_requested) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/client.py", line 271, in get 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] return CloudFoundryClient._check_response(response) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/client.py", line 309, in _check_response 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] raise InvalidStatusCode(HTTPStatus(response.status_code), body, response.headers.get("x-vcap-request-id")) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] cloudfoundry_client.errors.InvalidStatusCode: UNAUTHORIZED = {"errors": [{"detail": "Invalid Auth Token", "title": "CF-InvalidAuthToken", "code": 1000}]} - vcap-request-id = e395a697-22ba-495c-9213-1667df377148::edc717be-bcd4-4f8a-b8eb-65ded1283297

I thought #88 was supposed to fix that problem?
Thanks!

  • Lorenz
@hanswurscht
Copy link
Author

This also seems to happen when used with username/password instead of client_id/client_secret:

            self._client = CloudFoundryClient(url, verify=cacert_path)        
            self._client.init_with_user_credentials(username, password)
[...] idle until token timed out
            self._client.v3.organizations.get(org_guid) 
self._client.v3.organizations.get(org_guid) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/cloudfoundry_client/v3/entities.py", line 238, in get return self._get(requested_path, **kwargs) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/cloudfoundry_client/v3/entities.py", line 133, in _get response = self.client.get(url_requested) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/cloudfoundry_client/client.py", line 269, in get response = super(CloudFoundryClient, self).get(url, params, **kwargs) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/oauth2_client/credentials_manager.py", line 220, in get return self._bearer_request(self._get_session().get, url, **kwargs) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/oauth2_client/credentials_manager.py", line 242, in _get_session raise OAuthError(HTTPStatus.UNAUTHORIZED, 'no_token', "no token provided") 
oauth2_client.credentials_manager.OAuthError: 401 - no_token : no token provided

@hanswurscht
Copy link
Author

Seems related to #163

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hanswurscht