-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fail to refresh token #238
Comments
Hi @alexhung , any ideas on anything you want us to test about this one? |
These would be very helpful for me to trace the source of the issue. |
Hi @alexhung , we have not verified the problem after the update, but very recently before the update. We already added the debug level, and we got the following in one of the cases:
Has any of the code produced on the 1.8.5 version was focused on this error fixing? |
@Claudiordev No, I want to make sure the lease revoke issue is resolved before I dive into this one. |
@alexhung , after testing for a while, we have not got any more problems with the leases. We have the following very rarely on the logs:
But that's it. The one that is urgent to fix now would be the one mentioned on this issue |
@Claudiordev Thank you for the update. I'm glad the lease revoke issue seems to be resolved. The log in your last message is for revoking token, which is different from this issue (refreshing token). I'll investigate the original issue first then come back to this one. |
Hi @alexhung Ok let me know, we still are facing complaints from the refresh token issue:
|
@Claudiordev What's the TTL for the user token? Is 3600 from above the value you used in your environment? What's your token configuration in your Artifactory/Access (https://jfrog.com/help/r/jfrog-installation-setup-documentation/supported-access-configurations)? I wonder if there's some interaction between the Also, how consistent is this error? Is it happening for every token refresh? Or some proportion of it? |
Hi @alexhung , the TTL is 3600: These are the configurations we have in the plugin:
About the configuration in artifactory I do not have access to it, but Fredrik can provide that information. It's just some porportion of it, from time to time, but when the user starts to have this error, the only fix is to redo the configuration again |
Hi Alex, the error is still persistent, any update on this one? Thanks |
Describe the bug
After the plugin is up and running on the vault instance, when some of the users try to refresh a token, the following error is output in the console:
2025-01-02T11:00:51.452Z [DEBUG] secrets.artifactory.artifactory_7260f7c7.artifactory.artifactory-secrets-plugin_1.8.4: failed to get Viewer role: err="could not get the token: HTTP response Invalid token, signature" func=refreshExpiredAccessToken timestamp=2025-01-02T11:00:51.452Z
They receive a
Error 403, permission denied, invalid token
orError 400: missing access token
on their side.This issue is related to the issues #236 and #237
This instance is configured with the exceptional case of a configuration without a access token:
Artifactory version: 7.98.7
Vault version: 1.18.2
Vault plugin version: 1.8.4
To Reproduce
Steps to reproduce the behavior:
Requirements for and issue
curl
it at$host/artifactory/api/system/version
Expected behavior
Refresh token generated every time the user executes the read command on the path "artifactory/user_token/"
Additional context
It was noticed that this error that happened to 2 users, both had 2FA enabled on artifactory, but no further indications that this is related to the issue were discovered
The text was updated successfully, but these errors were encountered: