newrelic / newrelic-salesforce-exporter

New Relic integration for Salesforce logs.
Apache License 2.0

Getting "expired authorization code" error while creating JWT token #31

Closed Ashutosh2547 closed 3 months ago

Ashutosh2547 commented 4 months ago

Description

After configuring the config.yml to point to the connected app and using the grant_type "jwt-bearer", I am getting a 400 Bad Request.

Steps to Reproduce

  1. Clone the repository
  2. Create a connected app in SFDC with the configurations provided in readme - Link
  3. Update the config.yml file with the New Relic license key and account id
  4. Run the app

Getting below error in auth.py

```
raise LoginException(f'sfdc token request failed. http-status-code:{resp.status_code}, reason: {resp.text}, full response {resp}')
newrelic_logging.LoginException: sfdc token request failed. http-status-code:400, reason: {"error":"invalid_grant","error_description":"expired authorization code"}, full response <Response [400]>
```

Expected Behavior

JWT token should be retrieved and app should pull the data from SFDC.

Relevant Logs / Console output

```
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src__main.py", line 272, in main
    run(config, event_type_fields_mapping, numeric_fields_list)
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\main.py", line 213, in run
    run_once(
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\main__.py", line 165, in run_once
    ).run()
      ^^^^^
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\newrelic_logging\integration.py", line 41, in run
    raise e
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\newrelic_logging\integration.py", line 37, in run
    instance.harvest(session)
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\newrelic_logging\instance.py", line 24, in harvest
    self.api.authenticate(session)
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\newrelic_logging\api.py", line 81, in authenticate
    self.authenticator.authenticate(session)
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\newrelic_logging\auth.py", line 197, in authenticate
    self.authenticate_with_jwt(session)
  File "C:\Application_Development\Personal\newrelic-salesforce-exporter\src\newrelic_logging\auth.py", line 147, in authenticate_with_jwt
    raise LoginException(f'sfdc token request failed. http-status-code:{resp.status_code}, reason: {resp.text}, full response {resp}')
newrelic_logging.LoginException: sfdc token request failed. http-status-code:400, reason: {"error":"invalid_grant","error_description":"expired authorization code"}, full response <Response [400]>
2024-05-23 19:10:42,525 (15736/MainThread) newrelic.core.agent INFO - New Relic Python Agent Shutdown
```

Your Environment

Additional context

kanwaljit-mq commented 3 months ago

Subscribing, getting same issue

sdewitt-newrelic commented 3 months ago

Hi @Ashutosh2547 and/or @kanwaljit-mq can you please provide your full config.yml? Before pasting, please make sure to remove any of the sensitive information such as keys, usernames, passwords, etc. I do not need those, just the rest of the configuration.

I have found two things I would like to ask you to check on the Salesforce side.

Can you ensure what the expiration date on the token is set to? I think this may be the "Token Timeout" described in the last paragraph here.

Can you also check the system time on the machine where the exporter is running? I've seen a few posts where people indicated that incorrect system times caused this error.

kanwaljit-mq commented 3 months ago

@Ashutosh2547 This is how I fixed the issue, and I am sure there is an elegant way to do it besides this.

In file: /src/newrelic_logging/auth.py [Ref], go to line #107:

```
exp = int((datetime.utcnow() - timedelta(minutes=5)).timestamp())
```

P.S. The line number may be different based on the branch you are on.

Update the minus to plus. This is where the session expiry time is set for your (Bearer) token. You can increase the number (5) to however much more/less is needed for your use case. So, it should look like:

```
exp = int((datetime.utcnow() + timedelta(minutes=5)).timestamp())
```

HTH

Ashutosh2547 commented 3 months ago

Thanks @kanwaljit-mq , This fix worked for me.

sdewitt-newrelic commented 3 months ago

Hi @kanwaljit-mq and @Ashutosh2547 , can you update your remote and checkout the branch fix/jwt-expired-auth-code and see if this fixes your issue? The fix is the same as what you suggested (add instead of subtract) but also exposes a configuration variable for this value (default is 5).
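The sign change and the system-clock check discussed in this thread, as an added example (not the exporter's own code): it computes the JWT `exp` claim several ways and runs each through a simplified expiry check. The function names, the constructed timestamps and the server check are assumptions for illustration; the check is a model, not Salesforce's actual validation logic.

```python
from datetime import datetime, timedelta, timezone


def exp_claim(client_now, offset_minutes):
    """Epoch seconds for the JWT 'exp' claim; client_now must be timezone-aware."""
    return int((client_now + timedelta(minutes=offset_minutes)).timestamp())


def exp_claim_naive(utc_wall_clock, offset_minutes, machine_tz):
    """What int(naive_dt.timestamp()) yields on a host whose local zone is
    machine_tz: Python interprets a naive datetime as local time, so a UTC
    wall-clock value held in a naive datetime is shifted by the zone offset."""
    naive = utc_wall_clock.replace(tzinfo=None) + timedelta(minutes=offset_minutes)
    return int(naive.replace(tzinfo=machine_tz).timestamp())


def server_verdict(exp, server_now):
    """Simplified model of the token endpoint: reject an assertion whose
    'exp' is not in the future according to the server's own clock."""
    if exp <= int(server_now.timestamp()):
        return "invalid_grant: expired authorization code"
    return "ok"


def scenarios():
    # Constructed timestamp standing in for the server's current time.
    server_now = datetime(2024, 5, 23, 19, 10, 42, tzinfo=timezone.utc)
    slow_clock = server_now - timedelta(minutes=10)    # client 10 minutes behind
    ist = timezone(timedelta(hours=5, minutes=30))     # example local zone
    return {
        # now - 5 minutes: already expired when it is sent
        "subtract_5": server_verdict(exp_claim(server_now, -5), server_now),
        # now + 5 minutes: valid
        "add_5": server_verdict(exp_claim(server_now, 5), server_now),
        # correct sign, but the client clock is slow by more than the offset
        "add_5_clock_10min_slow": server_verdict(exp_claim(slow_clock, 5), server_now),
        # correct sign, naive UTC value converted on a host in UTC+05:30
        "add_5_naive_on_utc_plus_0530": server_verdict(
            exp_claim_naive(server_now, 5, ist), server_now),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```

Only the `add_5` case passes: a client clock that lags by more than the configured offset, or a naive datetime converted on a host ahead of UTC, still yields an `exp` in the past.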

sdewitt-newrelic commented 3 months ago

@kanwaljit-mq @Ashutosh2547 PR #39 is now merged to main. Please update your remote and give this a try.

sdewitt-newrelic commented 3 months ago

Reopening this issue to address the error reported by @kanwaljit-mq here

sdewitt-newrelic commented 3 months ago

@kanwaljit-mq This should fix it. I admit that I don't have an environment to test JWT authentication so it's possible there are still issues. Please give this a go and let me know how it works.