alan-turing-institute / apricot

An OpenID Connect LDAP proxy
BSD 3-Clause "New" or "Revised" License

Avoid token expiry #20

Closed jemrobinson closed 8 months ago

jemrobinson commented 8 months ago

If the OAuth token expires, errors like the following can be seen:

2024-02-26 16:52:00+0000 [-] Starting factory OAuthLDAPServerFactory using adaptor OAuthLDAPTree with backend MicrosoftEntraClient
2024-02-27 09:39:24+0000 [-] Unhandled Error
    Traceback (most recent call last):
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/twisted/internet/tcp.py", line 248, in doRead
        return self._dataReceived(data)
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/twisted/internet/tcp.py", line 253, in _dataReceived
        rval = self.protocol.dataReceived(data)
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/ldaptor/protocols/ldap/ldapserver.py", line 42, in dataReceived
        self.handle(o)
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/ldaptor/protocols/ldap/ldapserver.py", line 120, in handle
        d = defer.maybeDeferred(
    --- <exception caught here> ---
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/twisted/internet/defer.py", line 1075, in _runCallbacks
        current.result = callback(  # type: ignore[misc]
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/ldaptor/protocols/ldap/ldapserver.py", line 81, in _cbLDAPError
        reason.trap(ldaperrors.LDAPException)
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/twisted/python/failure.py", line 481, in trap
        self.raiseException()
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/twisted/python/failure.py", line 505, in raiseException
        raise self.value.with_traceback(self.tb)
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/twisted/internet/defer.py", line 209, in maybeDeferred
        result = f(*args, **kwargs)
      File "/app/apricot/ldap/read_only_ldap_server.py", line 131, in handle_LDAPSearchRequest
        return super().handle_LDAPSearchRequest(request, controls, reply)
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/ldaptor/protocols/ldap/ldapserver.py", line 313, in handle_LDAPSearchRequest
        d = root.lookup(dn)
      File "/app/apricot/ldap/oauth_ldap_tree.py", line 65, in lookup
        return self.root.lookup(dn)
      File "/app/apricot/ldap/oauth_ldap_tree.py", line 45, in root
        for group_attrs in self.oauth_client.validated_groups():
      File "/app/apricot/oauth/oauth_client.py", line 131, in validated_groups
        for user_dict in self.users():
      File "/app/apricot/oauth/microsoft_entra_client.py", line 77, in users
        user_data = self.query(
      File "/app/apricot/oauth/oauth_client.py", line 115, in query
        result = self.session_application.request(
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/requests_oauthlib/oauth2_session.py", line 483, in request
        url, headers, data = self._client.add_token(
      File "/root/.local/share/hatch/env/virtual/apricot-server/9TtSrW0h/apricot-server/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 217, in add_token
        raise TokenExpiredError()
    oauthlib.oauth2.rfc6749.errors.TokenExpiredError: (token_expired)