API returns 500 on an expired access token #2546

Closed
tamirkamara opened this issue Sep 5, 2022 · 0 comments · Fixed by #2572
Labels: api (Composition Service API), bug (Something isn't working)


tamirkamara commented Sep 5, 2022

Describe the bug

  1. When the API gets a request with an expired access token it returns HTTP 500. The client has no idea what's wrong... We should probably return 401 with a description in the body (as we do in other cases).
  2. E2E tests use the same "admin" access token from the start of the root test until the end. At times, this can result in a failure due to a short access token and/or longer than usual test run time. This is a result of using a fixture for this access token, so probably best to change that.

Full error:

Exception in ASGI application
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/base.py", line 41, in call_next
    message = await recv_stream.receive()
  File "/usr/local/lib/python3.8/site-packages/anyio/streams/memory.py", line 94, in receive
    return self.receive_nowait()
  File "/usr/local/lib/python3.8/site-packages/anyio/streams/memory.py", line 87, in receive_nowait
    raise EndOfStream
anyio.EndOfStream

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 375, in run_asgi
    result = await app(self.scope, self.receive, self.send)
  File "/usr/local/lib/python3.8/site-packages/uvicorn/middleware/proxy_headers.py", line 75, in __call__
    return await self.app(scope, receive, send)
  File "/usr/local/lib/python3.8/site-packages/fastapi/applications.py", line 261, in __call__
    await super().__call__(scope, receive, send)
  File "/usr/local/lib/python3.8/site-packages/starlette/applications.py", line 112, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/errors.py", line 181, in __call__
    raise exc
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/errors.py", line 159, in __call__
    await self.app(scope, receive, _send)
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/errors.py", line 181, in __call__
    raise exc
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/errors.py", line 159, in __call__
    await self.app(scope, receive, _send)
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/base.py", line 63, in __call__
    response = await self.dispatch_func(request, call_next)
  File "/api/./services/tracing.py", line 83, in dispatch
    response = await call_next(request)
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/base.py", line 44, in call_next
    raise app_exc
  File "/usr/local/lib/python3.8/site-packages/starlette/middleware/base.py", line 34, in coro
    await self.app(scope, request.receive, send_stream.send)
  File "/usr/local/lib/python3.8/site-packages/starlette/exceptions.py", line 82, in __call__
    raise exc
  File "/usr/local/lib/python3.8/site-packages/starlette/exceptions.py", line 71, in __call__
    await self.app(scope, receive, sender)
  File "/usr/local/lib/python3.8/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
    raise e
  File "/usr/local/lib/python3.8/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.8/site-packages/starlette/routing.py", line 656, in __call__
    await route.handle(scope, receive, send)
  File "/usr/local/lib/python3.8/site-packages/starlette/routing.py", line 259, in handle
    await self.app(scope, receive, send)
  File "/usr/local/lib/python3.8/site-packages/starlette/routing.py", line 61, in app
    response = await func(request)
  File "/usr/local/lib/python3.8/site-packages/fastapi/routing.py", line 217, in app
    solved_result = await solve_dependencies(
  File "/usr/local/lib/python3.8/site-packages/fastapi/dependencies/utils.py", line 527, in solve_dependencies
    solved = await call(**sub_values)
  File "/api/./services/aad_authentication.py", line 68, in __call__
    decoded_token = self._decode_token(token, config.API_AUDIENCE)
  File "/api/./services/aad_authentication.py", line 126, in _decode_token
    return jwt.decode(token, key, options={"verify_signature": True}, algorithms=['RS256'], audience=ws_app_reg_id)
  File "/usr/local/lib/python3.8/site-packages/jwt/api_jwt.py", line 129, in decode
    decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/jwt/api_jwt.py", line 116, in decode_complete
    self._validate_claims(payload, merged_options, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/jwt/api_jwt.py", line 152, in _validate_claims
    self._validate_exp(payload, now, leeway)
  File "/usr/local/lib/python3.8/site-packages/jwt/api_jwt.py", line 187, in _validate_exp
    raise ExpiredSignatureError("Signature has expired")
jwt.exceptions.ExpiredSignatureError: Signature has expired
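
An added example, not code from this project or from the fix in #2572, of the behaviour item 1 asks for: every token validation failure, expiry included, is caught at the authentication boundary and turned into a 401 with a description instead of propagating as an unhandled exception. It assumes a standard-library HS256 check as a stand-in for the PyJWT RS256 call in the traceback; `TokenError`, `make_token`, `decode_token` and `authenticate` are hypothetical names.

```python
import base64, hashlib, hmac, json

class TokenError(Exception):
    """Token rejected; the message is safe to show to the client."""

def _b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token for the demo (stand-in for an issued token)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64e(json.dumps(claims).encode())
    return f"{signing_input}.{_b64e(_sign(signing_input, key))}"

def decode_token(token: str, key: bytes, audience: str, now: float) -> dict:
    """Verify signature, audience and expiry; raise TokenError on any failure."""
    try:
        head, body, sig = token.split(".")
        header, claims, raw_sig = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        raise TokenError("malformed token") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    if header.get("alg") != "HS256":
        raise TokenError("unsupported algorithm")
    if not hmac.compare_digest(raw_sig, _sign(f"{head}.{body}", key)):
        raise TokenError("invalid signature")
    if claims.get("aud") != audience:
        raise TokenError("invalid audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise TokenError("token has expired")
    return claims

def authenticate(headers: dict, key: bytes, audience: str, now: float):
    """Return (status, headers, body); token failures become 401, never an exception."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, {"WWW-Authenticate": "Bearer"}, {"detail": "missing bearer token"}
    try:
        claims = decode_token(token, key, audience, now)
    except TokenError as exc:
        challenge = f'Bearer error="invalid_token", error_description="{exc}"'
        return 401, {"WWW-Authenticate": challenge}, {"detail": str(exc)}
    return 200, {}, {"sub": claims.get("sub")}
```

The 401 body carries only the fixed `TokenError` message, so the client learns that the token expired without seeing a stack trace or key details.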