Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oidc refresh token #45

Open
martenson opened this issue Jan 7, 2025 · 2 comments · May be fixed by #44
Open

oidc refresh token #45

martenson opened this issue Jan 7, 2025 · 2 comments · May be fixed by #44

Comments

@martenson
Copy link
Member

frequently (every couple of seconds) both qa1 and qa2 have the following trace in logs:

Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]: requests_oauthlib.oauth2_session DEBUG 2025-01-07 07:49:20,956 [pN:main.1,p:17001,tN:WSGI_3] Invoking 0 token response hooks.
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]: galaxy.authnz.managers ERROR 2025-01-07 07:49:20,956 [pN:main.1,p:17001,tN:WSGI_3] An error occurred when refreshing user token
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]: Traceback (most recent call last):
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:   File "/srv/galaxy/server/lib/galaxy/authnz/managers.py", line 359, in refresh_expiring_oidc_tokens_for_provider
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:     refreshed = backend.refresh(trans, auth)
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:   File "/srv/galaxy/server/lib/galaxy/authnz/custos_authnz.py", line 142, in refresh
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:     token = oauth2_session.refresh_token(token_endpoint, **params)
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:   File "/srv/galaxy/venv/lib/python3.11/site-packages/requests_oauthlib/oauth2_session.py", line 496, in refresh_token
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:     self.token = self._client.parse_request_body_response(r.text, scope=self.scope)
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:   File "/srv/galaxy/venv/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 427, in parse_request_body_response
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:     self.token = parse_token_response(body, scope=scope)
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:   File "/srv/galaxy/venv/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 441, in parse_token_response
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:     validate_token_parameters(params)
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:   File "/srv/galaxy/venv/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 448, in validate_token_parameters
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:     raise_from_error(params.get('error'), params)
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:   File "/srv/galaxy/venv/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 399, in raise_from_error
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]:     raise cls(**kwargs)
Jan 07 07:49:20 galaxy-qa-nd-1 galaxyctl[17001]: oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: (invalid_request) refresh_token parameter not provided
@martindemko
Copy link
Contributor

Hi, I know about it. It more-or-less just a warning, it doesn't cause troubles to Galaxy. Ales fixed it in some PR to Galaxy base. Honestly I don't know why it's still aparing. Try to ask him, please.

@martenson
Copy link
Member Author

martenson commented Jan 7, 2025
edited
Loading

it is because we do not have refresh_token stored in database for our users. Could be a provider issue/misconfiguration? ping @ljocha

@martenson martenson linked a pull request Jan 8, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

polish and clean martenson/usegalaxy-cz
2 participants
@martenson @martindemko