awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0
525 stars 181 forks source link

FindUserByEmail issue with invalid header field value for \"Authorization\" #140

Closed khairulhabibataws closed 7 months ago

khairulhabibataws commented 1 year ago

Describe the bug Failed to complete sync due to error in FindUserByEmail because of Invalid Header Field Value for \"Authorization\"

To Reproduce Steps to reproduce the behavior:

  1. Deploy the code using SAM
  2. Ran the code using test / scheduler
  3. See error

time="2023-07-17T08:46:19Z" level=fatal msg="Notifying Lambda and mark this execution as Failure: Get \"https://scim.ap-southeast-1.amazonaws.com/Dfte6ef098f-17c4-xxxx-xxxx-a82f59c73e5c/scim/v2/Users?filter=userName+eq+%!g(MISSING)owrish.yn%!m(MISSING)health.xxx%!\"(MISSING): GET https://scim.ap-southeast-1.amazonaws.com/Dfte6ef098f-17c4-xxxx-xxxx-a82f59c73e5c/scim/v2/Users?filter=userName+eq+%!g(MISSING)owrish.yn%!m(MISSING)health.xxx%! (MISSING)giving up after 5 attempt(s): Get \"https://scim.ap-southeast-1.amazonaws.com/Dfte6ef098f-17c4-xxxx-xxxx-a82f59c73e5c/scim/v2/Users?filter=userName+eq+%!g(MISSING)owrish.yn%!m(MISSING)health.xxx%!\"(MISSING): net/http: invalid header field value for \"Authorization\""

Filter query seems strange and looks trying to escape some weird character. But error is invalid header.

Expected behavior A clear and concise description of what you expected to happen. Successfully completed a sync for both groups and users

Additional context Add any other context about the problem here. Email on google suite already correct, no strange character.

ChrisPates commented 7 months ago

In v2.1.4 we add connection tests as part of the initialization phase, which should help to rule out expired tokens, and similar.

ChrisPates commented 7 months ago

Can you provide any more information? version number, configuration parameters/envVars. perhaps a redacted log at debug level?