mod-authtoken / MODAT-54

Bad JWT signature errors continuous in okapi log



    • Type: Bug
    • Status: Closed
    • Resolution: Cannot Reproduce
    • Core: Platform


      According to the investigation in MODSOURMAN-210, we found that using an expired token can spam the okapi log.

      SEVERE: Unsupported JWT format
      org.folio.auth.authtokenmodule.BadSignatureException: Could not verify token eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkaWt1X2FkbWluIiwidXNlcl9pZCI6Ijc3MjkyZGZlLTcwZTktNTQ5ZS04YjZlLWI2ZmVkNDFmMTM3OSIsImlhdCI6MTU3MDAxNjc5NiwidGVuYW50IjoiZGlrdSJ9.NAjwHxX6WhMUESBsbItIc2q-B41dsIfIeCEspo0ckMY
      	at org.folio.auth.authtokenmodule.TokenCreator.checkJWTToken(TokenCreator.java:86)
      2019-10-25 08:35:40,746 INFO  ProxyService         X-Okapi-Permissions-Required: inventory.items.collection.get
      2019-10-25 08:35:40,747 INFO  ProxyService         X-Okapi-Request-Id: 958543/inventory
      2019-10-25 08:35:40,748 INFO  ProxyService         X-Okapi-request-ip:
      2019-10-25 08:35:40,748 INFO  ProxyService         X-Okapi-request-method: GET
      2019-10-25 08:35:40,748 INFO  ProxyService         X-Okapi-request-timestamp: 1571992540738
      2019-10-25 08:35:40,749 INFO  ProxyService         X-Okapi-Tenant: diku
      2019-10-25 08:35:40,749 INFO  ProxyService         X-Okapi-Token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkaWt1X2FkbWluIiwidXNlcl9pZCI6IjQ3MmYyZjlmLWU5ZDktNWRkOC1iZDdhLTY4NTNiNDYwZWJkOSIsImlhdCI6MTU3MTkyNjQzOSwidGVuYW50IjoiZGlrdSJ9.Lf7hZzTnuhC6D0Au0ZqDZyUQeehvIe0helc-1uiFvSI
      2019-10-25 08:35:40,750 INFO  ProxyService         X-Okapi-Url:
      2019-10-25 08:35:40,792 INFO  ProxyContext         958543/inventory RES 401 53451us mod-authtoken-2.4.0-SNAPSHOT.58
      2019-10-25 08:35:40,797 INFO  DockerModuleHandle   mod-authtoken-2.4.0-SNAPSHOT.58 Oct 25, 2019 8:35:40 AM mod-auth-authtoken-module
      2019-10-25 08:35:40,797 INFO  DockerModuleHandle   mod-authtoken-2.4.0-SNAPSHOT.58 SEVERE: Unsupported JWT format

      The same problem for inventory.

      The header and payload of the token look OK after decoding, for example with https://jwt.io/ :

        {
          "alg": "HS256"
        }
        {
          "sub": "diku_admin",
          "user_id": "77292dfe-70e9-549e-8b6e-b6fed41f1379",
          "iat": 1570016796,
          "tenant": "diku"
        }

      The ui-data app has a place where the UI calls the backend every n seconds to update progress. If someone doesn't close the tab and the env is rebuilt, it sends requests with the old (expired) token and this spams the console. Maybe it would be better to change the logging to logger.info("Unsupported JWT format", b); instead of error, or not to log it at all.
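
      Why a token can decode cleanly on jwt.io and still fail verification, and one way to report that quietly, shown as an added example (not mod-authtoken code). It assumes the environment rebuild changed the HS256 signing key; the keys, the token and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, logging

log = logging.getLogger("jwt-check-example")
REPORTED = set()  # fingerprints of rejected tokens that were already logged once

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, head: str, body: str) -> bytes:
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 token (used here only to build the sample)."""
    head = _b64(json.dumps({"alg": "HS256"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head, body))}"

def peek(token: str):
    """Decode header and claims WITHOUT a key, as jwt.io does. Proves nothing."""
    head, body, _sig = token.split(".")
    return json.loads(_unb64(head)), json.loads(_unb64(body))

def check(token: str, key: bytes) -> str:
    """Return 'ok', 'malformed' or 'bad_signature'."""
    try:
        header, claims = peek(token)
        head, body, sig = token.split(".")
        given = _unb64(sig)
        if header.get("alg") != "HS256" or not isinstance(claims, dict):
            return "malformed"
    except (ValueError, AttributeError):
        return "malformed"
    if hmac.compare_digest(_mac(key, head, body), given):
        return "ok"
    # Expected client condition: INFO, once per token, and never the token itself.
    # The claims are unverified, so they are logged with %r to keep them inert.
    fp = hashlib.sha256(token.encode()).hexdigest()[:12]
    if fp not in REPORTED:
        REPORTED.add(fp)
        log.info("JWT signature mismatch: sub=%r tenant=%r iat=%r token_sha256=%s",
                 claims.get("sub"), claims.get("tenant"), claims.get("iat"), fp)
    return "bad_signature"

# Constructed sample: token issued under one key, checked after the key changed.
OLD_KEY, NEW_KEY = b"constructed-key-before-rebuild", b"constructed-key-after-rebuild"
STALE = sign({"sub": "diku_admin", "iat": 1570016796, "tenant": "diku"}, OLD_KEY)
```

      Logging a short hash instead of the token keeps bearer credentials out of the okapi log while still letting repeated rejections be correlated.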

                adam Adam Dickmeiss
                OleksiiKuzminov Oleksii Kuzminov