netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Error for idp token expire even if IdpSignKeyRefreshEnabled enabled #1379

Closed Fantu closed 11 months ago

Fantu commented 11 months ago

Hi, I have a self-hosted NetBird that uses Google as IdP. Initially, after some days, login always became impossible until a reboot. After finding "IdpSignKeyRefreshEnabled" I enabled it, and for a long time I had no issue. Today the same issue appeared (at least it seems so); here are the latest logs before the reboot (after the reboot it returned to working correctly):

infrastructure_files-management-1  | 2023-12-12T09:12:27Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:27Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4056351373: GET /api/users status 401
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1058967340: GET /api/users status 401
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3694887989: GET /api/users status 401
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3769408553: GET /api/groups status 401

I couldn't leave it not working for more in-depth debugging because we needed to use it. Let me know if there is any more data I can provide even if the problem is no longer occurring.
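Added example, not part of the original post and not NetBird's code: assuming the "unable to find appropriate key" lines above mean that no cached IdP signing key matched the token's key ID after the IdP rotated its keys, this Go example shows a key cache that refetches on an unknown key ID, rate-limited so that tokens with bogus key IDs cannot trigger a download per request. The `KeyCache` type, the `fetch` function and the key IDs are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

var ErrNoKey = errors.New("unable to find appropriate key") // error text from the logs

// KeyCache (hypothetical type) maps key IDs (kid) to IdP signing keys.
type KeyCache struct {
	mu        sync.Mutex
	keys      map[string]string                 // kid -> key material, opaque here
	fetch     func() (map[string]string, error) // stands in for a JWKS download
	minGap    time.Duration                     // minimum time between refetches
	lastFetch time.Time
}

// Lookup returns the key for kid; an unknown kid refetches at most once per minGap.
func (c *KeyCache) Lookup(kid string) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	k, ok := c.keys[kid]
	if !ok && (c.lastFetch.IsZero() || time.Since(c.lastFetch) >= c.minGap) {
		c.lastFetch = time.Now()
		fresh, err := c.fetch()
		if err != nil {
			return "", fmt.Errorf("refreshing signing keys: %w", err)
		}
		c.keys = fresh // the rotated-out key is dropped with the old set
		k, ok = c.keys[kid]
	}
	if !ok {
		return "", ErrNoKey
	}
	return k, nil
}

func main() {
	idp := map[string]string{"kid-old": "key-A"} // constructed IdP key set
	fetch := func() (map[string]string, error) { return idp, nil }
	c := &KeyCache{fetch: fetch, minGap: 10 * time.Millisecond}
	fmt.Println(c.Lookup("kid-old"))
	idp = map[string]string{"kid-new": "key-B"} // the IdP rotates its key
	time.Sleep(20 * time.Millisecond)
	fmt.Println(c.Lookup("kid-new")) // miss, refetch, found
}
```

A validator that loads its key set only at start-up fails every token signed after a rotation until it is restarted, which matches the restart-fixes-it symptom described here.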

surik commented 11 months ago

Hi @Fantu for my better understanding I have a few questions. Does the issue persist or just happen once? Does the refresh of the page in the browser help to solve it? Can you specify the versions of management, client, and dashboard you are using?

Fantu commented 11 months ago

Thanks @surik for the reply. For now it has happened once, but it should not happen, or am I wrong? It is not good that it still happens, and when it happens users can't log in until the Docker containers are restarted. I'm not a Docker expert; I don't know if this is the correct way to find the container versions in use since the latest update 2 months ago:

docker images
REPOSITORY              TAG       IMAGE ID       CREATED        SIZE
wiretrustee/dashboard   latest    15f1a26c76e5   2 months ago   126MB
netbirdio/management    latest    83e0862dc03b   2 months ago   157MB
netbirdio/signal        latest    e226c5001c6a   2 months ago   33.1MB
coturn/coturn           latest    d5bb7d7354ee   2 months ago   160MB
netbirdio/management    <none>    cefef30d0c04   3 months ago   156MB
netbirdio/signal        <none>    4d825a416828   3 months ago   33MB
wiretrustee/dashboard   <none>    856d474a14e5   3 months ago   126MB
coturn/coturn           <none>    48088fc70e13   5 months ago   150MB

Supposing the "latest" ones are running, I tried with their IDs:

docker image inspect --format '{{json .}}' "15f1a26c76e5" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels:
...
  "RepoDigests": [
    "wiretrustee/dashboard@sha256:2c9e4120aee0921b93bf7eb1cda120f25f93a62c5aa7510acd5b5a9b94c7ba4b"
  ],
...
    "org.opencontainers.image.url": "https://github.com/netbirdio/dashboard",
    "org.opencontainers.image.version": "v1.17.2"
docker image inspect --format '{{json .}}' "83e0862dc03b" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels: 
...
  "RepoDigests": [
    "netbirdio/management@sha256:205efdaeb0e48b565e60403fd9ed094ff29749a7116d471c04f4e37e17f4c1e1"
  ],
...
    "org.opencontainers.image.title": "netbird",
    "org.opencontainers.image.version": "0.23.9"
docker image inspect --format '{{json .}}' "e226c5001c6a" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels:
...
  "RepoDigests": [
    "netbirdio/signal@sha256:fdca64c3f7da1f7e4bc019d9d3f0928aaa3847cf5940ae51766f652b8371fddd"
  ],
...
    "org.opencontainers.image.title": "netbird",
    "org.opencontainers.image.version": "0.23.9"

If I did it wrong, can you please tell me the right way? It would probably be good to add to the docs some useful things for collecting data to report in issues.