fix: downscopeing issues #3211
Merged
fix: downscopeing issues #3211
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This pull request is automatically being deployed by Amplify Hosting (learn more). |
lismith2-cisco
requested changes
Nov 23, 2023
maxinteger
force-pushed
the
fix/SPARK-474816-sanitize-scopes
branch
2 times, most recently
from
e5c984a
to
286444f
Compare
lismith2-cisco
requested changes
Nov 28, 2023
Scopes defined by the app and the scopes from the idbroker can mismatch and cause "invalid scope" error during downscoping. It can happen when a new release of the app define more scopes, but the user did not logout and in again to get the new scopes from idbroker. Unfortunately super token refresh does not update the scopes. solution: Exclude invalid scopes from the downscope request (and log a warning), except when the downscope called with only invalid scopes, in this case we let handle the error by the downscope function and fallback to the super token. This should greatly reduce the the number of 400 error during downscope. issue: SPARK-474816
- moved the scope diff check into the refresh method - added more tests
- filter out invalid tokens before user token refresh - added details to metric calls
maxinteger
force-pushed
the
fix/SPARK-474816-sanitize-scopes
branch
from
ec1f711
to
e49816f
Compare
lismith2-cisco
requested changes
Dec 6, 2023
| this.logger.trace(`credentials: falling back to supertoken for ${scope}`); | ||
| this.webex.internal.metrics.submitClientMetrics(METRICS.JS_SDK_CREDENTIALS_DOWNSCOPE_FAILED, { | ||
| fields: {failReason}, |
There was a problem hiding this comment.
Does the fail reason include the supertoken scope and the attemped scope? If not, could we add this to the metric?
lismith2-cisco
approved these changes
Dec 6, 2023
jor-row
approved these changes
Dec 11, 2023
mkesavan13
added a commit
to meta-dipanshu-sharma/webex-js-sdk
that referenced
this pull request
Jan 11, 2024
* feat(meeting-info-fail): destroy meeting on meeting info fail if flag is true (webex#3200) Co-authored-by: ndelmar <ndelmar@cisco.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.262 [skip ci] * fix: added metrics to addMedia success/failure metrics (webex#3220) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.263 [skip ci] * fix(plugin-meetings): screen share when shared by same user different client (webex#3177) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.264 [skip ci] * fix(internal-plugin-metrics): bump event dictionary version (webex#3216) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.265 [skip ci] * feat(plugin-metrics): classify network errors (webex#3224) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.266 [skip ci] * feat(plugin-metrics): classify unauthorized errors (webex#3229) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.267 [skip ci] * fix(public): setcorrelation id is made public to be used in cantina (webex#3230) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.268 [skip ci] * feat(plugin-metrics): use network category for relevant errors (webex#3231) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.269 [skip ci] * fix: added logging for getCurrentConnectionType() error cases (webex#3233) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.270 [skip ci] * fix(plugin-meetings): add latency metrics for addMedia (webex#3234) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.271 [skip ci] * feat(ca): add identifiers confId, mid (webex#3226) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.272 [skip ci] * fix: log call parameters when mercury _emit fails (webex#3228) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.273 [skip ci] * feat(ca): add fallback to preLoginId for userId (webex#3221) Co-authored-by: Catalin <ctorge@cisco.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.274 [skip ci] * chore(internal-media-core): version bump (webex#3237) * docs(api): update docs [skip ci] * fix(plugin-meetings): update internal media core to 2.0.6 (webex#3241) Co-authored-by: Bryce Tham <btham@cisco.com> * docs(api): update docs [skip ci] * fix: downscopeing issues (webex#3211) make sure SDK never request new user token from the server with invalid scope(s) and log every attempt correctly * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.275 [skip ci] * fix(breakouts): user gets removed from meeting after end of session (webex#3239) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.276 [skip ci] * fix(plugin-meetings): audio still working when addMedia called with audioEnabled: false (webex#3247) Co-authored-by: ndelmar <ndelmar@cisco.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.277 [skip ci] * fix(plugin-meetings): add tls transport type (webex#3243) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.278 [skip ci] * feat(media): add ice failure groupings for CA (webex#3240) Co-authored-by: Catalin <ctorge@cisco.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.279 [skip ci] * fix(integration): fix waitForPublished() in SDK integration tests (webex#3242) Co-authored-by: Priya Kesari <pkesari@cisco.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.280 [skip ci] * feat(meeting): stats report on media failure (webex#3245) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.281 [skip ci] * fix(plugin-meetings): refactor addMedia and add separate timeout for sdp exchange (webex#3244) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.282 [skip ci] * fix(samples): avoid init failure for tokens without additional features (webex#3257) * fix(metrics) : Call diagnostics validator (webex#3259) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.283 [skip ci] * fix(metrics): catalog-delay (webex#3235) Co-authored-by: peter-robert-cole <peter7cole@gmail.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.284 [skip ci] * feat(logs): add log metadata (webex#3260) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.285 [skip ci] * fix: local linking with internal-media-core (webex#3265) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.286 [skip ci] * feat(plugin-metrics): payload overrides (webex#3270) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.287 [skip ci] * feat(webinar): add webinar related props (webex#3253) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.288 [skip ci] * fix(calling): exporting interfaces, types from index.ts file (webex#3275) Co-authored-by: Priya Kesari <pkesari@cisco.com> * fix(call): error-handling-for-empty-track-while-answer-dial (webex#3277) Co-authored-by: Shreyas Sharma <shreysh2@cisco.com> * fix: use candidate pairs to identify correct local candidate (webex#3258) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.289 [skip ci] * feat(members): add reclaimHostRole functionality (webex#3272) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.290 [skip ci] * fix(calling): remove logging of personal info (webex#3279) * fix(metrics): update to confIdStr (webex#3280) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.291 [skip ci] * feat(calling): add updateMedia in call (webex#3284) * feat(plugin-meetings): retry media connection on turn tls (webex#3261) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.292 [skip ci] * fix(plugin-meetings): force turn discovery on reconnection (webex#3285) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.293 [skip ci] * Fix mercury log (webex#3236) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.294 [skip ci] * fix: added support for Roap optimized flow for offer/answer/ok (webex#3271) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.295 [skip ci] * fix(calling): extend eventing class on ILine interface (webex#3286) Co-authored-by: Priya Kesari <pkesari@cisco.com> * fix(calling): export LocalMicrophoneStream (webex#3290) Co-authored-by: Priya Kesari <pkesari@cisco.com> * fix(plugin-logger): redact mtid (webex#3287) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.296 [skip ci] * feat(plugin-metrics): add error handling to assign role function (webex#3289) Co-authored-by: ndelmar <ndelmar@cisco.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.297 [skip ci] * feat(plugin-meetings): fix .only test (webex#3294) Co-authored-by: ndelmar <ndelmar@cisco.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.298 [skip ci] * fix(samples): reorder and group the ui with similar features (webex#3262) Co-authored-by: Rajesh Kumar <rajeshtezu90@gmail.com> * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.299 [skip ci] * fix(plugin-meetings): don't send turn latency if it fails (webex#3296) * fix(plugin-meetings): add retriedWithTurnServer to add media success metric (webex#3295) * fix(plugin-meetings): don't wait for timeout when sending roap offer fails (webex#3293) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.300 [skip ci] * fix: update internal-media-core to 2.2.1 (webex#3298) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.301 [skip ci] * feat(http-core): capitalize Authorization header (webex#3300) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.302 [skip ci] * feat(fraud): add localIP to join request (webex#3282) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.303 [skip ci] * fix(meetings): ensure non-undefined value for peripheral information property (webex#3281) * docs(api): update docs [skip ci] * chore(release): v3.0.0-beta.304 [skip ci] * test(metrics): skipped failing tests with todo * fix(samples): merge commit resolution --------- Co-authored-by: Natalia del Mar <56999622+nataliadelmar@users.noreply.github.com> Co-authored-by: ndelmar <ndelmar@cisco.com> Co-authored-by: Webex Publisher <webex-jenkins.gen@cisco.com> Co-authored-by: Marcin <marcin.bazyl@gmail.com> Co-authored-by: shivani1211 <shivaniyadav1211@gmail.com> Co-authored-by: Lisa Smith <82507773+lismith2-cisco@users.noreply.github.com> Co-authored-by: Coread <coread@cisco.com> Co-authored-by: Martin Roos <82158095+martroos@users.noreply.github.com> Co-authored-by: shnaaz <82164376+shnaaz@users.noreply.github.com> Co-authored-by: Jordan Rowan <86778628+jor-row@users.noreply.github.com> Co-authored-by: chrisadubois <chdubois@cisco.com> Co-authored-by: László Vadász <maxinteger@gmail.com> Co-authored-by: Catalin Torge <torgeadelin@gmail.com> Co-authored-by: Catalin <ctorge@cisco.com> Co-authored-by: Bryce Tham <brycetham@users.noreply.github.com> Co-authored-by: Bryce Tham <btham@cisco.com> Co-authored-by: Charles Burkett <chburket@cisco.com> Co-authored-by: Tyler McCarthy <74213828+mccarthytyler@users.noreply.github.com> Co-authored-by: Kesari3008 <65543166+Kesari3008@users.noreply.github.com> Co-authored-by: Priya Kesari <pkesari@cisco.com> Co-authored-by: Sreekanth Narayanan <131740035+sreenara@users.noreply.github.com> Co-authored-by: Timothy Scheuering <InteractiveTimmy@users.noreply.github.com> Co-authored-by: peter-robert-cole <peter7cole@gmail.com> Co-authored-by: JudyZhu <120536178+JudyZhuHz@users.noreply.github.com> Co-authored-by: Shreyas Sharma <72344404+Shreyas281299@users.noreply.github.com> Co-authored-by: Shreyas Sharma <shreysh2@cisco.com> Co-authored-by: Rajesh Kumar <131742425+rarajes2@users.noreply.github.com> Co-authored-by: Rajesh Kumar <rajeshtezu90@gmail.com> Co-authored-by: Bin Xu <71026292+bxu2@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
COMPLETES SPARK-474816
This pull request addresses
Scopes defined by the app and the scopes from the idbroker can mismatch and cause "invalid scope" error during downscoping.
It can happen when a new release of the app define more scopes, but the user did not logout and in again to get the new scopes from idbroker. Unfortunately super token refresh does not update the scopes.
by making the following changes
Exclude invalid scopes from the downscope request (and log a warning), except when the downscope called with only invalid scopes, in this case we let handle the error by the downscope function and fallback to the super token.
This should greatly reduce the the number of 400 error during downscope.
Change Type
The following scenarios where tested
< ENUMERATE TESTS PERFORMED, WHETHER MANUAL OR AUTOMATED >
I certified that
I have read and followed contributing guidelines
I discussed changes with code owners prior to submitting this pull request
I have not skipped any automated checks
All existing and new tests passed
I have updated the documentation accordingly
Make sure to have followed the contributing guidelines before submitting.