OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

OpenAPI UI returns 401 after idling for extended period of time #27656

Open fmhwong opened 7 months ago

fmhwong commented 7 months ago

Describe the bug
Opened the Liberty OpenAPI UI and worked on it, and everything was fine. The next morning, I reloaded the same browser tab and got the following screen.

[Screenshot 2024-02-14 at 4:43:52 PM]

If there is a stack trace, please include the FULL stack trace (without any [internal classes] lines in it). To find the full stack trace, you may need to check in $WLP_OUTPUT_DIR/messages.log

Steps to Reproduce

  1. Use the OpenAPI UI on the first day and leave the tab open
  2. Reload the same browser on the next day
  3. Clear the browser cache
  4. The OpenAPI UI page loads again

Expected behavior
I expect I can reload the OpenAPI UI and use it again on the next day

Diagnostic information:

Found this error message from messages.log

CWWKS5375E: The social login configuration [okdServiceLogin] specifies that an access token is required in the request, but an access token is not present.


Azquelt commented 3 months ago

Sorry, I didn't see this when it was raised.

It looks like some kind of authentication is needed to access the /openapi endpoint, but that's odd because that's a public endpoint.

Did you have something configured in your server.xml which restricted access to the /openapi and/or the /openapi/ui endpoints? If so, we probably need to add tests for this and possibly add logic to more gracefully handle a 401 response (probably by reloading the UI on the assumption that accessing the UI will require the same credentials).

In this case, I would hope that refreshing the page would also fix the issue (without needing to clear the cache).

Alternatively, is it possible that you had a different server without mpOpenAPI enabled running on the same port, such that the UI which was still loaded in your browser is now trying to access /openapi on a server which isn't serving that endpoint?

Azquelt commented 3 weeks ago

@fmhwong Can you give any more detail on how the server was configured when the problem occurred so that we can track down if we really have a defect here?

From the error, it sounds like you were using socialLogin-1.0 with OpenShift? I don't think that should restrict access to /openapi, since the docs say that your app also needs a security constraint and the /openapi endpoint doesn't have one. There's also the option of using an authFilter; do you recall if you had one of those?

Unless we can pull together enough information to reproduce the issue, I'd like to close this.