Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

app.auth: false settings doesnt work anymore with BEARER_TOKEN env variable configured in enviroment #874

Open
oshadura opened this issue Oct 3, 2024 · 1 comment
Open

app.auth: false settings doesnt work anymore with BEARER_TOKEN env variable configured in enviroment #874

oshadura opened this issue Oct 3, 2024 · 1 comment

Comments

@oshadura
Copy link
Contributor

oshadura commented Oct 3, 2024

While deploying the new release 1.5.1, we would like to disable the authentification with app.auth: false. At the same time in the user environment at the facility we already have defined BEARER_TOKEN (xcache bearer token):

cms-jovyan@jupyter-oksana-2eshadura-40cern-2ech:~$ env | grep BEARER
BEARER_TOKEN_FILE=/etc/cmsaf-secrets-chown/access_token

Looks like with disabled authentification, servicex still tries to pick up wrong token:

ERROR opendataaf-servicex servicex_app Got exception while submitting transformation request
Traceback (most recent call last):
  File "/home/servicex/servicex_app/resources/transformation/submit.py", line 145, in post
    user = self.get_requesting_user()
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 167, in decorator
    verify_jwt_in_request(
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 94, in verify_jwt_in_request
    jwt_data, jwt_header, jwt_location = _decode_jwt_from_request(
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 340, in _decode_jwt_from_request
    decoded_token = decode_token(encoded_token, csrf_token)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/utils.py", line 128, in decode_token
    return jwt_manager._decode_jwt_from_config(encoded_token, csrf_value, allow_expired)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/jwt_manager.py", line 556, in _decode_jwt_from_config
    return _decode_jwt(**kwargs, allow_expired=allow_expired)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/tokens.py", line 95, in _decode_jwt
    decoded_token = jwt.decode(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 211, in decode
    decoded = self.decode_complete(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 152, in decode_complete
    decoded = api_jws.decode_complete(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 210, in decode_complete
    self._verify_signature(signing_input, header, signature, key, algorithms)
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 304, in _verify_signature
    raise InvalidAlgorithmError("The specified alg value is not allowed")
jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed extra: {'requestId': '04c440b6-cf2d-42d1-9799-e46f93378955'}
ERROR opendataaf-servicex servicex_app Got exception while submitting transformation request
Traceback (most recent call last):
  File "/home/servicex/servicex_app/resources/transformation/submit.py", line 145, in post
    user = self.get_requesting_user()
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 167, in decorator
    verify_jwt_in_request(
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 94, in verify_jwt_in_request
    jwt_data, jwt_header, jwt_location = _decode_jwt_from_request(
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 340, in _decode_jwt_from_request
    decoded_token = decode_token(encoded_token, csrf_token)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/utils.py", line 128, in decode_token
    return jwt_manager._decode_jwt_from_config(encoded_token, csrf_value, allow_expired)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/jwt_manager.py", line 556, in _decode_jwt_from_config
    return _decode_jwt(**kwargs, allow_expired=allow_expired)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/tokens.py", line 95, in _decode_jwt
    decoded_token = jwt.decode(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 211, in decode
    decoded = self.decode_complete(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 152, in decode_complete
    decoded = api_jws.decode_complete(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 210, in decode_complete
    self._verify_signature(signing_input, header, signature, key, algorithms)
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 304, in _verify_signature
    raise InvalidAlgorithmError("The specified alg value is not allowed")
jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed extra: {'requestId': '76bc42ee-c5d9-42f5-84a7-5fbf872c2369'}
@oshadura oshadura changed the title app.auth: false settings doesnt work anymore with BEARER_TOKEN enviroment app.auth: false settings doesnt work anymore with BEARER_TOKEN env variable configured in enviroment Oct 3, 2024
@ponyisi
Copy link
Collaborator

ponyisi commented Nov 13, 2024

Hi @oshadura - is this still reflecting the situation?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ponyisi @oshadura