User Auth Token not showing

[darkfortressAU]

Environment

self-hosted (https://develop.sentry.dev/self-hosted/)

Steps to Reproduce

1. Open UI screen to generate User Auth token
2. Set any permission option
3. Generate token

Expected Result

Token is created and shown in the UI for the user to copy

Actual Result

UI times out waiting on the fetch request, and simply does nothing apart from drop the loader spinner. Token is created in the backend and visible in the list however it can not be seen or copied.

Product Area

Settings - Auth

Link

No response

DSN

No response

Version

24.1.0

[getsantry[bot]]

Assigning to @getsentry/support for routing ⏲️

[darkfortressAU]

There is no error thrown in the backend logs or the UI console. It seems the network request times out with a 504 from nginx.

[getsantry[bot]]

Routing to @getsentry/product-owners-settings-auth for triage ⏲️

[ykamo001]

Hi @darkfortressAU, can you paste a video or screenshot of what you're experiencing? Running the version you've specified, we don't seem to be running into the problem. The 504 error seems to be the main problem behind this, and the token not showing up is the side effect due to that problem.

Have you tried changing the timeout and are noticing the same error? https://stackoverflow.com/questions/24453388/nginx-reverse-proxy-causing-504-gateway-timeout

We have some proxy docs here as well: https://develop.sentry.dev/self-hosted/reverse-proxy/

[darkfortressAU]

I am running sentry out of the box with minimal customisation such as the mail sever. The Nginx proxy is the one bundled with the docker images. I am running a big ip F5 in front which has an unlimited time out and is handling TLS offload. It is set to pass all the headers given to it and I would expect nothing to work if the F5 to be the issue. I have enabled the reverse proxy settings in the python config also. I can grab a screen capture of the 504 page on return to work. However there really isn’t anything that will aid in working this one out. It is simply click the generate button the toasty spinner comes up then it all times out. When you view the generated tokens page the token is there. On 26 Jan 2024, at 08:30, Yash Kamothi @.***> wrote: Hi @darkfortressAU, can you paste a video or screenshot of what you're experiencing? Running the version you've specified, we don't seem to be running into the problem. The 504 error seems to be the main problem behind this, and the token not showing up is the side effect due to that problem. Have you tried changing the timeout and are noticing the same error? https://stackoverflow.com/questions/24453388/nginx-reverse-proxy-causing-504-gateway-timeout We have some proxy docs here as well: https://develop.sentry.dev/self-hosted/reverse-proxy/

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[darkfortressAU]

sentry.nt.gov.au_Archive [24-01-29 07-34-48].har.txt

[darkfortressAU]

It appears the spinner down the bottom isn't captured on a FF screen capture

[ykamo001]

I am running sentry out of the box with minimal customisation such as the mail sever.

Can you confirm the email sending is still async on your hosted service? For API tokens, we do have the flow to send an email to the user who created the token. It's the call in the post/create endpoint, which leads to an async email flow. I can see how if that is synchronous, that could lead to a 504 as it's waiting on the mail server.

Otherwise, as you mentioned that the token appears on the refresh, there does not seem to be a problem with the DB transaction. After parsing through the log file you sent, it seems like the request times out at 30 seconds, which does not seem to be unlimited. Was that you explicitly stopping the request? I'll try to find common error locations, but this works out of the box with no customizations on 24.1.0

[darkfortressAU]

Emails are sending, however they do not contain the token. The 504 is from the docker image which is not from the BIGIP F5 in front of it. As mentioned the F5 is set to unlimited so no timeout will occur there. Timeouts can still occur in the NGINX image you supply with the self hosted platform.

I did not stop anything and allowed it to run through to completion. There is also no error reported in the UI which is a coding failure as you assume the transaction always works which will never be the case.

[leedongwei]

We're reaching out to another team for help, and we'll get back to you.

[hubertdeng123]

Hi there, I have a few questions.

Token is created in the backend and visible in the list however it can not be seen or copied.

By this, what do you mean? Does that mean in your postgres database, you are seeing the entry in the sentry_orgauthtoken table?

There is no error thrown in the backend logs or the UI console.

Do you see any logs in your web container related to org_auth_token.created?

It may be helpful to adjust the timouts in your nginx config:

proxy_connect_timeout   60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
send_timeout  60s;

[chadwhitacre]

Shall we move this to the self-hosted repo?

[darkfortressAU]

@hubertdeng123 ,

We know the token is created as we can see no error in the logs and it is added to the list of in use tokens. I tested this by deleting all tokens in my account and attempting create. After failure I returned to the list there was one entry available and you can see the first part of the token.

Only logs I see are the posted one, someone was going to reply with some extra log collection areas. Once I get those I can provide more.

Where do those nginx settings go (still new to sentry)?

[hubertdeng123]

Sure, those nginx settings should go in your nginx.conf file. Please let me know if that helps at all here.

[getsantry[bot]]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[dannyxu2015]

Sure, those nginx settings should go in your nginx.conf file. Please let me know if that helps at all here.

I found same issue and after change the nginx config, same issue. Got following log: 11:26:31 [INFO] sentry.security: user.api-token-generated (ip_address='192.168.2.16' user_id=1 actor_id=1)