ivan-vdovin
commented
2 years ago Hey @bigdatawonders, Could you share a query from your Cube env and a security context object so we can take a look once again?
Open bigdatawonders opened 2 years ago
ivan-vdovin
commented
2 years ago Hey @bigdatawonders, Could you share a query from your Cube env and a security context object so we can take a look once again?
bigdatawonders
commented
2 years ago Input:
{ "at_hash": "FkqAAbkX9Garhan3zhhBlw", "sub": "5badab3e-1e5d-4414-8a80-269fdaf2ff8e", "email_verified": true, "iss": "https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP", "cognito:username": "5badab3e-1e5d-4414-8a80-269fdaf2ff8e", "origin_jti": "c973190a-0dcb-4518-b820-d64f40d550c6", "aud": "5raa2u4emlrq8h7uvu2fg3rdd4", "event_id": "8d8e866f-8751-44a7-b21b-dc5fb78680fb", "token_use": "id", "auth_time": 1655974762, "user": "{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}", "jti": "08f92692-7310-4926-917b-2bee04961213", "exp": 1656916872 }
I want to get user_id in User key.
2022-07-03T06:43:23.443Z: Multitenancy Without ScheduledRefreshContexts: {"warning":"You are using multitenancy without configuring scheduledRefreshContexts, which can lead to issues where the security context will be undefined while Cube.js will do background refreshing: https://cube.dev/docs/config#options-reference-scheduled-refresh-contexts"} 2022-07-03T06:43:23.470Z: 🔗 Cube SQL is listening on 0.0.0.0:3306 2022-07-03T06:43:23.470Z: 🔗 Cube SQL (pg) is listening on 0.0.0.0:20000 2022-07-03T06:43:23.499Z: 🚀 Cube.js server (0.30.29) is listening on 14200 2022-07-03T06:43:26.313Z: Incoming network usage: {"service":"api-http","bytes":775,"path":"/"} 2022-07-03T06:43:26.318Z: Outgoing network usage: {"service":"api-http","bytes":0,"path":"/"} 2022-07-03T06:43:26.469Z: Incoming network usage: {"service":"api-http","bytes":1787,"path":"/cubejs-api/v1/meta"} 2022-07-03T06:43:26.472Z: REST API Request: {"path":"/cubejs-api/v1/meta","method":"GET","status":200,"ip":"::ffff:127.0.0.1","time":"2022-07-03T06:43:26.471Z","securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","requestId":"0e3530f7-89d5-4d77-95d9-2419fe9cc10b-span-1"} 2022-07-03T06:43:26.529Z: Compiling schema: {"version":"default_schema_version","requestId":"0e3530f7-89d5-4d77-95d9-2419fe9cc10b-span-1"} 2022-07-03T06:43:27.633Z: Outgoing network usage: {"service":"api-http","bytes":0,"path":"/cubejs-api/v1/meta","securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"0e3530f7-89d5-4d77-95d9-2419fe9cc10b-span-1"} 2022-07-03T06:43:27.786Z: Incoming network usage: {"service":"api-http","bytes":1915,"path":"/cubejs-api/v1/dry-run"} 2022-07-03T06:43:27.787Z: REST API Request: {"path":"/cubejs-api/v1/dry-run?query=%7B%22limit%22%3A1000%2C%22measures%22%3A%5B%22Orders.count%22%5D%2C%22dimensions%22%3A%5B%22Orders.status%22%5D%2C%22order%22%3A%7B%22Orders.count%22%3A%22desc%22%7D%7D","method":"GET","status":200,"ip":"::ffff:127.0.0.1","time":"2022-07-03T06:43:27.787Z","securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"c4fa65ee-18c0-4828-a852-bde94f9460ed-span-1"} 2022-07-03T06:43:27.843Z: Internal Server Error: {"query":"{\"limit\":1000,\"measures\":[\"Orders.count\"],\"dimensions\":[\"Orders.status\"],\"order\":{\"Orders.count\":\"desc\"}}","error":"TypeError: Cannot create proxy with a non-object as target or handler\n at SnowflakeQuery.contextSymbolsProxy (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:2573:12)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:2565:27\n at XWrap.f (/cube/node_modules/ramda/src/map.js:78:20)\n at XWrap.@@transducer/step (/cube/node_modules/ramda/src/internal/_xwrap.js:17:17)\n at _arrayReduce (/cube/node_modules/ramda/src/internal/_reduce.js:18:34)\n at _reduce (/cube/node_modules/ramda/src/internal/_reduce.js:60:12)\n at map (/cube/node_modules/ramda/src/map.js:77:14)\n at /cube/node_modules/ramda/src/internal/_dispatchable.js:50:15\n at Object.f2 [as map] (/cube/node_modules/ramda/src/internal/_curry2.js:34:14)\n at SnowflakeQuery.parametrizedContextSymbols (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:2564:12)\n at SnowflakeQuery.evaluateSql (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1667:28)\n at SnowflakeQuery.autoPrefixAndEvaluateSql (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1627:55)\n at SnowflakeQuery.evaluateSymbolSql (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1618:21)\n at SnowflakeQuery.traverseSymbol (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1332:35)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1370:31\n at SnowflakeQuery.evaluateSymbolSqlWithContext (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1749:22)\n at SnowflakeQuery.collectCubeNamesFor (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1695:10)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1370:17\n at CompilerCache.cache (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/QueryCache.js:22:28)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1366:39\n at _map (/cube/node_modules/ramda/src/internal/_map.js:7:19)\n at map (/cube/node_modules/ramda/src/map.js:83:14)","duration":54,"securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"c4fa65ee-18c0-4828-a852-bde94f9460ed-span-1"} 2022-07-03T06:43:27.844Z: Outgoing network usage: {"service":"api-http","bytes":2368,"path":"/cubejs-api/v1/dry-run","securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"c4fa65ee-18c0-4828-a852-bde94f9460ed-span-1"} 2022-07-03T06:43:28.551Z: Incoming network usage: {"service":"api-http","bytes":1978,"path":"/cubejs-api/v1/load"} 2022-07-03T06:43:28.552Z: REST API Request: {"path":"/cubejs-api/v1/load?query=%7B%22limit%22%3A1000%2C%22measures%22%3A%5B%22Orders.count%22%5D%2C%22dimensions%22%3A%5B%22Orders.status%22%5D%2C%22order%22%3A%7B%22Orders.count%22%3A%22desc%22%7D%7D&queryType=multi","method":"GET","status":200,"ip":"::ffff:127.0.0.1","time":"2022-07-03T06:43:28.552Z","securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"1f36aba4-5dbe-449b-930e-cfd83690339d-span-1"} 2022-07-03T06:43:28.553Z: Load Request: {"query":{"limit":1000,"measures":["Orders.count"],"dimensions":["Orders.status"],"order":{"Orders.count":"desc"}},"securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"1f36aba4-5dbe-449b-930e-cfd83690339d-span-1"} 2022-07-03T06:43:28.555Z: Internal Server Error: {"query":{"limit":1000,"measures":["Orders.count"],"dimensions":["Orders.status"],"order":{"Orders.count":"desc"}},"error":"TypeError: Cannot create proxy with a non-object as target or handler\n at SnowflakeQuery.contextSymbolsProxy (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:2573:12)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:2565:27\n at XWrap.f (/cube/node_modules/ramda/src/map.js:78:20)\n at XWrap.@@transducer/step (/cube/node_modules/ramda/src/internal/_xwrap.js:17:17)\n at _arrayReduce (/cube/node_modules/ramda/src/internal/_reduce.js:18:34)\n at _reduce (/cube/node_modules/ramda/src/internal/_reduce.js:60:12)\n at map (/cube/node_modules/ramda/src/map.js:77:14)\n at /cube/node_modules/ramda/src/internal/_dispatchable.js:50:15\n at Object.f2 [as map] (/cube/node_modules/ramda/src/internal/_curry2.js:34:14)\n at SnowflakeQuery.parametrizedContextSymbols (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:2564:12)\n at SnowflakeQuery.evaluateSql (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1667:28)\n at SnowflakeQuery.autoPrefixAndEvaluateSql (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1627:55)\n at SnowflakeQuery.evaluateSymbolSql (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1618:21)\n at SnowflakeQuery.traverseSymbol (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1332:35)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1370:31\n at SnowflakeQuery.evaluateSymbolSqlWithContext (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1749:22)\n at SnowflakeQuery.collectCubeNamesFor (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1695:10)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1370:17\n at CompilerCache.cache (/cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/QueryCache.js:22:28)\n at /cube/node_modules/@cubejs-backend/schema-compiler/src/adapter/BaseQuery.js:1366:39\n at _map (/cube/node_modules/ramda/src/internal/_map.js:7:19)\n at map (/cube/node_modules/ramda/src/map.js:83:14)","duration":2,"securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"1f36aba4-5dbe-449b-930e-cfd83690339d-span-1"} 2022-07-03T06:43:28.556Z: Outgoing network usage: {"service":"api-http","bytes":2368,"path":"/cubejs-api/v1/load","securityContext":{"at_hash":"FkqAAbkX9Garhan3zhhBlw","sub":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","email_verified":true,"iss":"https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_dZvHo3PPP","cognito:username":"5badab3e-1e5d-4414-8a80-269fdaf2ff8e","origin_jti":"c973190a-0dcb-4518-b820-d64f40d550c6","aud":"5raa2u4emlrq8h7uvu2fg3rdd4","event_id":"8d8e866f-8751-44a7-b21b-dc5fb78680fb","token_use":"id","auth_time":1655974762,"user":"{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}","jti":"08f92692-7310-4926-917b-2bee04961213","exp":1656916956},"requestId":"1f36aba4-5dbe-449b-930e-cfd83690339d-span-1"} 2022-07-03T06:43:29.246Z: Incoming network usage: {"service":"api-http","bytes":775,"path":"/"} 2022-07-03T06:43:29.247Z: Outgoing network usage: {"service":"api-http","bytes":0,"path":"/"} 2022-07-03T06:43:29.299Z: Incoming network usage: {"service":"api-http","bytes":976,"path":"/cubejs-system/v1/pre-aggregations/security-contexts"} 2022-07-03T06:43:29.300Z: Outgoing network usage: {"service":"api-http","bytes":25,"path":"/cubejs-system/v1/pre-aggregations/security-contexts"} 2022-07-03T06:43:29.300Z: Incoming network usage: {"service":"api-http","bytes":968,"path":"/cubejs-system/v1/pre-aggregations/timezones"} 2022-07-03T06:43:29.302Z: Outgoing network usage: {"service":"api-http","bytes":25,"path":"/cubejs-system/v1/pre-aggregations/timezones"} 2022-07-03T06:43:57.892Z: Incoming network usage: {"service":"api-http","bytes":927,"path":"/cubejs-system/v1/pre-aggregations/security-contexts"} 2022-07-03T06:43:57.894Z: REST API Request: {"path":"/cubejs-system/v1/pre-aggregations/security-contexts","method":"GET","status":200,"ip":"::ffff:127.0.0.1","time":"2022-07-03T06:43:57.893Z","securityContext":{"exp":1659311999},"requestId":"54646b41-7b7b-45c8-b395-dd25c52cf83c-span-1"} 2022-07-03T06:43:57.895Z: Outgoing network usage: {"service":"api-http","bytes":23,"path":"/cubejs-system/v1/pre-aggregations/security-contexts","securityContext":{"exp":1659311999},"requestId":"54646b41-7b7b-45c8-b395-dd25c52cf83c-span-1"} 2022-07-03T06:43:57.895Z: Incoming network usage: {"service":"api-http","bytes":919,"path":"/cubejs-system/v1/pre-aggregations/timezones"} 2022-07-03T06:43:57.896Z: REST API Request: {"path":"/cubejs-system/v1/pre-aggregations/timezones","method":"GET","status":200,"ip":"::ffff:127.0.0.1","time":"2022-07-03T06:43:57.896Z","securityContext":{"exp":1659311999},"requestId":"99cae471-1aff-4d68-afef-d30759f6609e-span-1"} 2022-07-03T06:43:57.897Z: Outgoing network usage: {"service":"api-http","bytes":16,"path":"/cubejs-system/v1/pre-aggregations/timezones","securityContext":{"exp":1659311999},"requestId":"99cae471-1aff-4d68-afef-d30759f6609e-span-1"}
kaydenvg
commented
2 years ago Hi, Any update on resolving this issue? Having the same problems in the pre-token lambda with cognito, the JSON object doesn't look correct on return.
Is there any way to extract these values as they currently exist?
xandercovert
commented
2 years ago Hey I have been experiencing the same issue. Is this planning on being resolved or should we explore alternatives to encoding the JSON information within the namespace?
paveltiunov
commented
2 years ago Providing string claims is currently not supported by CUBEJS_JWT_CLAIMS_NAMESPACE. It seems the guide wasn't tested end-to-end.
github-actions[bot]
commented
2 years ago If you are interested in working on this issue, please leave a comment below and we will be happy to assign the issue to you. If this is the first time you are contributing a Pull Request to Cube.js, please check our contribution guidelines. You can also post any questions while contributing in the #contributors channel in the Cube.js Slack.
paveltiunov
commented
2 years ago cc @hassankhan
paveltiunov
commented
1 year ago The workaround is to implement https://cube.dev/docs/config#options-reference-check-auth for now.
Describe the bug I am trying to use security context with Cognito and JWT. As per your documentation we generate JWT. The response is like:
"user": "{\"company_id\":\"moleculedata\",\"user_id\":\"5badab3e-1e5d-4414-8a80-269fdaf2ff8e\",\"roles\":[\"user\"]}"similar to example in the documentation [https://cube.dev/docs/security/jwt/aws-cognito]
when I try to use it with CUBEJS_JWT_CLAIMS_NAMESPACE=user, I get an error in the playground:
TypeCannot create proxy with a non-object as target or handlerI hope to use the values inside user key form JWT.
If any questions, please let me know.
Kind regards, Rytis