fix: fix server error of handling refresh token reuse #704

Merged
merged 1 commit into from
Nov 16, 2022


sawadashota
Contributor

Fix server error of handling refresh token reuse.
When refresh token requests come at the same time, a server error sometimes occurs. (related to ory/hydra#3207)

This error is a client matter, so I want to fix it as a client error.

Log

{
  "error": {
    "debug": "invalid_request",
    "reason": "",
    "status": "Internal Server Error",
    "status_code": 500
  }
}
StackTrace (debug mode)
github.com/ory/x/errorsx.WithStack
	/go/pkg/mod/github.com/ory/x@v0.0.368/errorsx/errors.go:38
github.com/ory/fosite/handler/oauth2.(*RefreshTokenGrantHandler).handleRefreshTokenEndpointStorageError
	/go/pkg/mod/github.com/ory/fosite@v0.42.3-0.20220729111320-05d71b23559c/handler/oauth2/flow_refresh.go:241
github.com/ory/fosite/handler/oauth2.(*RefreshTokenGrantHandler).handleRefreshTokenReuse.func1
	/go/pkg/mod/github.com/ory/fosite@v0.42.3-0.20220729111320-05d71b23559c/handler/oauth2/flow_refresh.go:207
github.com/ory/fosite/handler/oauth2.(*RefreshTokenGrantHandler).handleRefreshTokenReuse
	/go/pkg/mod/github.com/ory/fosite@v0.42.3-0.20220729111320-05d71b23559c/handler/oauth2/flow_refresh.go:211
github.com/ory/fosite/handler/oauth2.(*RefreshTokenGrantHandler).HandleTokenEndpointRequest
	/go/pkg/mod/github.com/ory/fosite@v0.42.3-0.20220729111320-05d71b23559c/handler/oauth2/flow_refresh.go:69
github.com/ory/fosite.(*Fosite).NewAccessRequest
	/go/pkg/mod/github.com/ory/fosite@v0.42.3-0.20220729111320-05d71b23559c/access_request_handler.go:108
github.com/ory/hydra/oauth2.(*Handler).TokenHandler
	/project/oauth2/handler.go:584
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/julienschmidt/httprouter.(*Router).Handler.func1
	/go/pkg/mod/github.com/julienschmidt/httprouter@v1.3.0/router.go:275
github.com/julienschmidt/httprouter.(*Router).ServeHTTP
	/go/pkg/mod/github.com/julienschmidt/httprouter@v1.3.0/router.go:387
github.com/urfave/negroni.Wrap.func1
	/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46
github.com/urfave/negroni.HandlerFunc.ServeHTTP
	/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29
github.com/urfave/negroni.middleware.ServeHTTP
	/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/ory/hydra/x.RejectInsecureRequests.func1
	/project/x/tls_termination.go:90
github.com/urfave/negroni.HandlerFunc.ServeHTTP
	/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29
github.com/urfave/negroni.middleware.ServeHTTP
	/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
github.com/ory/x/metricsx.(*Service).ServeHTTP
	/go/pkg/mod/github.com/ory/x@v0.0.368/metricsx/middleware.go:275
github.com/urfave/negroni.middleware.ServeHTTP
	/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerResponseSize.func1
	/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:198
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1
	/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:101
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func1
	/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:68
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2
	/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:76
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerRequestSize.func1
	/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:165
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084
github.com/ory/x/prometheusx.Metrics.instrumentHandlerStatusBucket.func1
	/go/pkg/mod/github.com/ory/x@v0.0.368/prometheusx/metrics.go:108
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2084

Related Issue or Design Document

related to ory/hydra#3207

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added necessary documentation within the code base (if appropriate).

Further comments

aeneasr force-pushed the handle_refresh_token_reuse_error branch from 885e90c to be949da on October 5, 2022 08:35
Signed-off-by: sawadashota <shota@sslife.tech>
aeneasr force-pushed the handle_refresh_token_reuse_error branch from be949da to 4715a7e on November 3, 2022 10:06
aeneasr merged commit f52879d into ory:master on Nov 16, 2022
sawadashota deleted the handle_refresh_token_reuse_error branch on November 16, 2022 10:32
shipperizer pushed a commit to shipperizer/fosite that referenced this pull request Jan 3, 2024
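
An added example, not code from this pull request or from fosite: a Go sketch of the race the description reports, where several refreshes of one token arrive together, exactly one rotates it, and the rest are answered as client errors (400) while unrelated storage faults stay 500. `Store`, `Rotate`, `StatusFor`, `RaceRefresh`, `ErrInactive` and the token names are hypothetical, and revoking the token family on replay is an assumption modeled on common rotation practice.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// ErrInactive is a hypothetical sentinel for this sketch, not a fosite identifier.
var ErrInactive = errors.New("refresh token spent, revoked or unknown")
// Store is a constructed in-memory stand-in holding one refresh token family.
type Store struct {
	mu     sync.Mutex
	active map[string]bool // token -> usable; false once rotated or revoked
}
// Rotate spends old and issues a successor; the lock serializes simultaneous callers.
func (s *Store) Rotate(old string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if usable, known := s.active[old]; !usable {
		for t := range s.active { // replay of a known token revokes the family
			s.active[t] = s.active[t] && !known
		}
		return "", ErrInactive
	}
	s.active[old], s.active[old+"'"] = false, true // spend old, activate successor
	return old + "'", nil
}
// StatusFor keeps the client's fault (400) apart from storage faults (500).
func StatusFor(err error) int {
	if errors.Is(err, ErrInactive) {
		return 400 // Bad Request: the caller presented a dead token
	} else if err != nil {
		return 500 // Internal Server Error: anything storage could not explain
	}
	return 200
}
// RaceRefresh sends n simultaneous refreshes of one token and tallies statuses.
func RaceRefresh(s *Store, token string, n int) map[int]int {
	codes, tally := make(chan int, n), map[int]int{}
	for i := 0; i < n; i++ {
		go func() { _, err := s.Rotate(token); codes <- StatusFor(err) }()
	}
	for i := 0; i < n; i++ {
		tally[<-codes]++
	}
	return tally
}
func main() { fmt.Println(RaceRefresh(&Store{active: map[string]bool{"rt-0": true}}, "rt-0", 8)) }
```

With family revocation in place, the successor token issued to the winner is also dead after the race, which is why a client that double-fires refresh requests ends up needing to re-authenticate.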