mod-authtoken / MODAT-54

Bad JWT signature errors continuous in okapi log

    Details

    • Type: Bug
    • Status: Open
    • Priority: TBD
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels: None
    • Development Team: Core: Platform

      Description

      According to the investigation in MODSOURMAN-210, we found that if we use an expired token, it can spam the Okapi log.

      SEVERE: Unsupported JWT format
      org.folio.auth.authtokenmodule.BadSignatureException: Could not verify token eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkaWt1X2FkbWluIiwidXNlcl9pZCI6Ijc3MjkyZGZlLTcwZTktNTQ5ZS04YjZlLWI2ZmVkNDFmMTM3OSIsImlhdCI6MTU3MDAxNjc5NiwidGVuYW50IjoiZGlrdSJ9.NAjwHxX6WhMUESBsbItIc2q-B41dsIfIeCEspo0ckMY
      	at org.folio.auth.authtokenmodule.TokenCreator.checkJWTToken(TokenCreator.java:86)
      
      2019-10-25 08:35:40,746 INFO  ProxyService         X-Okapi-Permissions-Required: inventory.items.collection.get
      2019-10-25 08:35:40,747 INFO  ProxyService         X-Okapi-Request-Id: 958543/inventory
      2019-10-25 08:35:40,748 INFO  ProxyService         X-Okapi-request-ip: 10.0.2.2
      2019-10-25 08:35:40,748 INFO  ProxyService         X-Okapi-request-method: GET
      2019-10-25 08:35:40,748 INFO  ProxyService         X-Okapi-request-timestamp: 1571992540738
      2019-10-25 08:35:40,749 INFO  ProxyService         X-Okapi-Tenant: diku
      2019-10-25 08:35:40,749 INFO  ProxyService         X-Okapi-Token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkaWt1X2FkbWluIiwidXNlcl9pZCI6IjQ3MmYyZjlmLWU5ZDktNWRkOC1iZDdhLTY4NTNiNDYwZWJkOSIsImlhdCI6MTU3MTkyNjQzOSwidGVuYW50IjoiZGlrdSJ9.Lf7hZzTnuhC6D0Au0ZqDZyUQeehvIe0helc-1uiFvSI
      2019-10-25 08:35:40,750 INFO  ProxyService         X-Okapi-Url: http://10.0.2.15:9130
      2019-10-25 08:35:40,792 INFO  ProxyContext         958543/inventory RES 401 53451us mod-authtoken-2.4.0-SNAPSHOT.58 http://10.0.2.15:9145/inventory/items
      2019-10-25 08:35:40,797 INFO  DockerModuleHandle   mod-authtoken-2.4.0-SNAPSHOT.58 Oct 25, 2019 8:35:40 AM mod-auth-authtoken-module
      2019-10-25 08:35:40,797 INFO  DockerModuleHandle   mod-authtoken-2.4.0-SNAPSHOT.58 SEVERE: Unsupported JWT format
      

      The same problem for inventory.

      The header and payload of the token look OK after decoding with, for example, https://jwt.io/:

      {
        "alg": "HS256"
      }
      
      {
        "sub": "diku_admin",
        "user_id": "77292dfe-70e9-549e-8b6e-b6fed41f1379",
        "iat": 1570016796,
        "tenant": "diku"
      }
      

      The ui-data app has a place where the UI calls the backend every n seconds to update progress. If someone doesn't close the tab and the env is rebuilt, it sends requests with the old (expired) token and it spams the console. Maybe it would be better to change the logging to logger.info("Unsupported JWT format", b); instead of error, or not log it at all.

                People

                Assignee:
                adam Adam Dickmeiss
                Reporter:
                OleksiiKuzminov Oleksii Kuzminov
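
An added example (not part of the issue and not mod-authtoken's code) showing how a token whose header and payload decode cleanly can still fail HS256 verification, and how a repeated rejection can be reported once at WARNING and then at DEBUG, with a fingerprint in place of the token. The keys, the function names and the assumption that the environment rebuild replaced the signing key are constructed for illustration.

```python
import base64, hashlib, hmac, json, logging

log = logging.getLogger("jwt-reject-example")
_seen = set()  # fingerprints of tokens already reported

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Build a compact HS256 JWT; used here only to construct the sample token."""
    head = b64url_encode(b'{"alg":"HS256"}')
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def check_token(token, key):
    """Return (status, claims) with status 'ok', 'bad_signature' or 'malformed'."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return "malformed", None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return "malformed", None
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):  # constant-time comparison
        return "bad_signature", claims
    return "ok", claims

def log_rejection(token, status):
    """Report a rejected token once at WARNING, repeats at DEBUG; return the level."""
    fp = hashlib.sha256(token.encode()).hexdigest()[:12]  # fingerprint, never the token
    level = logging.DEBUG if fp in _seen else logging.WARNING
    _seen.add(fp)
    log.log(level, "rejected JWT (%s), sha256 prefix %s", status, fp)
    return level

# Constructed sample: claims shaped like the payload in the issue (note: no "exp").
CLAIMS = {"sub": "diku_admin", "user_id": "77292dfe-70e9-549e-8b6e-b6fed41f1379",
          "iat": 1570016796, "tenant": "diku"}
# Assumption: the rebuild replaced the signing key; both keys are made up.
OLD_KEY, NEW_KEY = b"constructed-key-before-rebuild", b"constructed-key-after-rebuild"
STALE = sign_hs256(CLAIMS, OLD_KEY)

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    for _ in range(3):  # the UI poll repeating with the same stale token
        log_rejection(STALE, check_token(STALE, NEW_KEY)[0])
```

Run directly, the loop emits one WARNING followed by two DEBUG lines for the same stale token, and none of them contains the token value.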