cloudfoundry-community / cf-python-client

Small cloudfoundry client implemented in python
Apache License 2.0
52 stars 50 forks source link

Invalid Auth Token when auth token is expired after 12h #177

Open hanswurscht opened 2 years ago

hanswurscht commented 2 years ago

Hi,

we are using cloudfoundry-client==1.30.0.

Our code is part of a servicebroker with the openbrokerapi framework. We are trying to access the cf api with a client_id and a client_secret.

Our code is as follows in the constructor:

self._client = CloudFoundryClient(url, verify=cacert_path, client_id=client_id, client_secret=client_secret)
self._client.init_with_client_credentials()

to access one result we later use:

app_guid_response = self._client.v3.apps.get(app_guid)

If the login with init_with_client_credentials() is more than 12h ago, the token expires and accessing the api fails with:

2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [OUT] {"message": "GET: url=https://our.cf.api/v3/service_credential_bindings/9f103727-baab-464f-887e-f28d084119c0 - status_code=401 - vcap-request-id=e395a697-22ba-495c-9213-1667df377148::edc717be-bcd4-4f8a-b8eb-65ded1283297 - response={\n \"errors\": [\n {\n \"detail\": \"Invalid Auth Token\",\n \"title\": \"CF-InvalidAuthToken\",\n \"code\": 1000\n }\n ]\n}", "time": "2022-08-18T06:20:42.746518"} 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] DEBUG:cloudfoundry_client.client:GET: url=https://our.cf.api/v3/service_credential_bindings/9f103727-baab-464f-887e-f28d084119c0 - status_code=401 - vcap-request-id=e395a697-22ba-495c-9213-1667df377148::edc717be-bcd4-4f8a-b8eb-65ded1283297 - response={ 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "errors": [ 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] { 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "detail": "Invalid Auth Token", 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "title": "CF-InvalidAuthToken", 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] "code": 1000 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] } 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] ] 
2022-08-18T08:20:42.746+02:00 [APP/PROC/WEB/0] [ERR] } 

The stacktrace is part of some more elements, here are the parts from cloudfoundry-client:

2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] service_binding_response = self._client.v3.service_credential_bindings.get(service_binding_guid) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/v3/entities.py", line 238, in get 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] return self._get(requested_path, **kwargs) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/v3/entities.py", line 133, in _get 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] response = self.client.get(url_requested) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/client.py", line 271, in get 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] return CloudFoundryClient._check_response(response) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] File "/home/vcap/deps/0/python/lib/python3.8/site-packages/cloudfoundry_client/client.py", line 309, in _check_response 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] raise InvalidStatusCode(HTTPStatus(response.status_code), body, response.headers.get("x-vcap-request-id")) 
2022-08-18T08:20:42.751+02:00 [APP/PROC/WEB/0] [ERR] cloudfoundry_client.errors.InvalidStatusCode: UNAUTHORIZED = {"errors": [{"detail": "Invalid Auth Token", "title": "CF-InvalidAuthToken", "code": 1000}]} - vcap-request-id = e395a697-22ba-495c-9213-1667df377148::edc717be-bcd4-4f8a-b8eb-65ded1283297 

I thought https://github.com/cloudfoundry-community/cf-python-client/pull/88 was supposed to fix that problem? Thanks!

hanswurscht commented 1 year ago

This also seems to happen when used with username/password instead of client_id/client_secret:

            self._client = CloudFoundryClient(url, verify=cacert_path)        
            self._client.init_with_user_credentials(username, password)
[...] idle until token timed out
            self._client.v3.organizations.get(org_guid) 
self._client.v3.organizations.get(org_guid) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/cloudfoundry_client/v3/entities.py", line 238, in get return self._get(requested_path, **kwargs) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/cloudfoundry_client/v3/entities.py", line 133, in _get response = self.client.get(url_requested) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/cloudfoundry_client/client.py", line 269, in get response = super(CloudFoundryClient, self).get(url, params, **kwargs) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/oauth2_client/credentials_manager.py", line 220, in get return self._bearer_request(self._get_session().get, url, **kwargs) 
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/oauth2_client/credentials_manager.py", line 242, in _get_session raise OAuthError(HTTPStatus.UNAUTHORIZED, 'no_token', "no token provided") 
oauth2_client.credentials_manager.OAuthError: 401 - no_token : no token provided
hanswurscht commented 1 year ago

Seems related to https://github.com/cloudfoundry-community/cf-python-client/issues/163