myartsev / ember-simple-auth-jwt

Ember Simple Auth extension for JWT
MIT License

Unknown error after authentication and on token-refresh #11

Closed arvraham closed 6 years ago

arvraham commented 6 years ago

In order to experiment with that cool addon you develop, I've written a simple spring-boot app that behaves similarly to the server which the dummy application provides.

Everything works fine but every time the token gets refreshed I get console errors just saying undefined.

It occurs both in Firefox and Chrome.

I played with it for a couple of hours and now I'm sure the problem does not sit in the backend.

Thought maybe it might be a good idea to test with "third-party" servers to harden ember-simple-auth-jwt a bit.

I've published the backend here.

To reproduce the error, take the ember-simple-auth-jwt dummy app and configure as follows:

    serverTokenEndpoint: http://localhost:8080/token-auth
    serverRefreshTokenEndpoint: http://localhost:8080/token-refresh

Credentials are the same, log in and enjoy ;-)

The protected resource currently has a different location but to reproduce the error you won't need it.

The error occurs in version 0.0.2 and 0.1.

arvraham commented 6 years ago

Stacktrace:

    ember-metal.js:3988 undefined
    defaultDispatch @ ember-metal.js:3988
    dispatchError @ ember-metal.js:3969
    onerrorDefault @ rsvp.js:23
    trigger @ rsvp.js:85
    (anonymous) @ rsvp.js:938
    invokeWithOnError @ backburner.js:281
    flush @ backburner.js:152
    flush @ backburner.js:343
    end @ backburner.js:451
    run @ backburner.js:529
    run$1 @ ember-metal.js:4328
    (anonymous) @ jwt.js:134
    tryCatch @ rsvp.js:411
    invokeCallback @ rsvp.js:424
    publish @ rsvp.js:394
    (anonymous) @ rsvp.js:14
    invokeWithOnError @ backburner.js:281
    flush @ backburner.js:152
    flush @ backburner.js:343
    end @ backburner.js:451
    Backburner._boundAutorunEnd @ backburner.js:413
    setTimeout (async)
    Backburner.platform.setTimeout @ backburner.js:398
    Backburner.platform.next @ backburner.js:404
    _ensureInstance @ backburner.js:943
    schedule @ backburner.js:602
    (anonymous) @ rsvp.js:13
    fulfill @ rsvp.js:345
    resolve @ rsvp.js:320
    resolved @ rsvp.js:458
    reader.onload @ ember-fetch.js:176
    FileReader (async)
    readBlobAsText @ ember-fetch.js:194
    Body.text @ ember-fetch.js:288
    (anonymous) @ jwt.js:180
    tryCatch @ rsvp.js:411
    invokeCallback @ rsvp.js:424
    publish @ rsvp.js:394
    (anonymous) @ rsvp.js:14
    invokeWithOnError @ backburner.js:281
    flush @ backburner.js:152
    flush @ backburner.js:343
    end @ backburner.js:451
    Backburner._boundAutorunEnd @ backburner.js:413
    setTimeout (async)
    Backburner.platform.setTimeout @ backburner.js:398
    Backburner.platform.next @ backburner.js:404
    _ensureInstance @ backburner.js:943
    schedule @ backburner.js:602
    (anonymous) @ rsvp.js:13
    fulfill @ rsvp.js:345
    handleMaybeThenable @ rsvp.js:310
    resolve @ rsvp.js:318
    resolved @ rsvp.js:458
    xhr.onload @ ember-fetch.js:446
    XMLHttpRequest.send (async)
    (anonymous) @ ember-fetch.js:471
    initializePromise @ rsvp.js:453
    Promise @ rsvp.js:929
    self.fetch @ ember-fetch.js:434
    self.default @ ember-fetch.js:492
    (anonymous) @ jwt.js:179
    initializePromise @ rsvp.js:453
    Promise @ rsvp.js:929
    makeRequest @ jwt.js:178
    (anonymous) @ jwt.js:133
    initializePromise @ rsvp.js:453
    Promise @ rsvp.js:929
    authenticate @ jwt.js:123
    authenticate @ internal-session.js:57
    authenticate @ session.js:157
    toggleSession @ component.js:26
    send @ action_support.js:129
    superWrapper @ ember-utils.js:423
    (anonymous) @ action.js:141
    exports.flaggedInstrument @ ember-metal.js:3797
    (anonymous) @ action.js:140
    run @ backburner.js:525
    run$1 @ ember-metal.js:4328
    handler @ action.js:120
    (anonymous) @ event_dispatcher.js:222
    dispatch @ jquery.js:5206
    elemData.handle @ jquery.js:5014
    21:43:37.017

myartsev commented 6 years ago

Regardless of the backend stack, it's the contents of the API response that matter. Can you post the full response for an auth and refresh call?

It's been a while since I've touched Java; let's see if we can figure this out without me having to do all that set up on my machine :)

arvraham commented 6 years ago

I simply deployed the app to make things easier.

    serverTokenEndpoint: 'http://217.172.188.67:8080/api/token-auth',
    serverRefreshTokenEndpoint: 'http://217.172.188.67:8080/api/token-refresh'

In routes/secret.js:

resolve(Ember.$.ajax('http://217.172.188.67:8080/api/secret-stuff', {

myartsev commented 6 years ago

Cool, thanks! So all the calls with your backend are working ok.

What's happening is that when we try to access the /api/secret-route endpoint, it's hitting http://localhost:4200/api/secret-stuff instead of your server, and that returns a 401 unauthorized response. I'm assuming that the secret key used to sign the JWT on your server is different.

So the add-on itself is ok, it's more just an issue with the dummy app and it being non-obvious which fields need to be replaced when using a 3rd party server. I'll add a config to make this easier. Thanks for reporting :)

arvraham commented 6 years ago

I still get one of these every 30 seconds after login.

[Screenshots: screenshot_2017-09-22_19-01-02, screenshot_2017-09-22_19-04-22]

This happens not only in dummy. It will also occur when you just use the addon in other ember applications (when the embedded server is not around).

myartsev commented 6 years ago

My bad, I misunderstood your issue. In your first comment you hadn't mentioned that you updated the base URL for api/secret-stuff, so I mistakenly concluded that this was your problem. Taking a look again!

myartsev commented 6 years ago

This is very helpful, thank you, there are a couple of bugs in the library:

myartsev commented 6 years ago

Should be good to go now!