oracle / oci-typescript-sdk

Oracle Cloud Infrastructure SDK for TypeScript and JavaScript
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/typescriptsdk.htm
Other
78 stars 54 forks source link

Unauthorized error on identitydomains #310

Open farisdurrani opened 3 months ago

farisdurrani commented 3 months ago

I am getting a 401 Unauthorized error when using the identitydomains module even when the CLI on the same API URL returns a valid result and all other modules work fine. I am a tenancy administrator. This issue repeats on several tenancies.

Given this TypeScript script adapted from the official example,

import * as common from "oci-common";
import { IdentityDomainsClient, responses } from "oci-identitydomains";

const DOMAIN_ENDPOINT =
  "https://idcs-721677994de24d38836f554cc565a9d5.identity.oraclecloud.com:443";
const provider: common.ConfigFileAuthenticationDetailsProvider =
  new common.ConfigFileAuthenticationDetailsProvider(
    "~/.oci/config",
    "fdurrani"
  );

(async () => {
  const identityDomainsClient = new IdentityDomainsClient({
    authenticationDetailsProvider: provider,
  });
  identityDomainsClient.endpoint = DOMAIN_ENDPOINT;

  const usersList: responses.ListUsersResponse =
    await identityDomainsClient.listUsers({});

  console.log(usersList);
})();

running this file using node returns this error:

➜  test git:(dev) ✗ ts-node test2.ts
Request cannot be retried. Not Retrying. Exception occurred : Error: Unauthorized
OciError: Unauthorized
    at Object.handleErrorResponse (/Users/fdurrani/LocalGitHub/policy-analyzer/lib/helper.ts:66:12)
    at GenericRetrier.<anonymous> (/Users/fdurrani/LocalGitHub/policy-analyzer/lib/retrier.ts:226:31)
    at Generator.next (<anonymous>)
    at fulfilled (/Users/fdurrani/LocalGitHub/policy-analyzer/test/node_modules/oci-common/lib/retrier.js:9:58)
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  statusCode: 401,
  serviceCode: 'None',
  opcRequestId: '29F2A911532C-11EF-88E5-FF736DD40B23/pU9iq01W240000000',
  targetService: 'IdentityDomains',
  operationName: 'listUsers',
  timestamp: '2024-08-05T13:11:01.921Z',
  requestEndpoint: 'GET https://idcs-721677994de24d38836f554cc565a9d5.identity.oraclecloud.com:443/admin/v1/Users',
  clientVersion: 'Oracle-TypeScriptSDK/2.90.0-1722272724',
  loggingTips: 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/typescriptsdkconcepts.htm#typescriptsdkconcepts_topic_Logging for ways to log the request/response details.',
  troubleshootingTips: 'See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_401__401_none for more information about resolving this error If you are unable to resolve this IdentityDomains issue, please contact Oracle support and provide them this full error message.'
}
➜  test git:(dev) ✗ 

Calling the same API URL using the CLI returns the result as normal:

➜ ~ oci raw-request --http-method GET --target-uri https://idcs-721677994de24d38836f554cc565a9d5.identity.oraclecloud.com:443/admin/v1/Users --profile fdurrani

Screenshot 2024-08-05 at 09 15 36

Relevant software versions:

  "dependencies": {
    "oci-common": "^2.90.0-1722272724",
    "oci-identitydomains": "^2.90.0-1722272724"
  }

OS: MacOS 14.6

farisdurrani commented 3 months ago

Surprisingly, using a signed HttpRequest to the raw URI results in an Unauthorized error as well on TypeScript

See code and result ```ts import * as promise from "es6-promise"; import "isomorphic-fetch"; import { DefaultRequestSigner, HttpRequest } from "oci-common"; import { common } from "oci-sdk"; promise.polyfill(); const OCI_CONFIG_FILE = "~/.oci/config"; const OCI_PROFILE = "fdurrani"; const CONFIG = new common.ConfigFileAuthenticationDetailsProvider( OCI_CONFIG_FILE, OCI_PROFILE ); async function compileAllUsers() { // 1. Create Request Signing instance const signer = new DefaultRequestSigner(CONFIG); // 2. Create HttpRequest to be signed const httpRequest: HttpRequest = { uri: `https://idcs-721677994de24d38836f554cc565a9d5.identity.oraclecloud.com:443/admin/v1/Users`, headers: new Headers(), method: "GET", }; // 3. sign request await signer.signHttpRequest(httpRequest); // 4. Make the call const response = await fetch( new Request(httpRequest.uri, { method: httpRequest.method, headers: httpRequest.headers, body: httpRequest.body, }) ); // 5. Print response console.log(await response.json()); } compileAllUsers(); ``` ```sh ➜ test git:(dev) ✗ ts-node test2.ts { schemas: [ 'urn:ietf:params:scim:api:messages:2.0:Error' ], detail: 'The request failed: HTTP 401 Unauthorized.', status: '401' } ```
roeycohen commented 3 months ago

hi @farisdurrani, are you using Bun or Deno? I had similar issues until I've came back to the original NodeJS.

farisdurrani commented 3 months ago

No, I am using the original NodeJS. As in, Node v20.11.0 and NPM v10.4.0

jyotisaini commented 3 months ago

Hi @farisdurrani what version of typescript SDK are you using ? Are you able to make API call using raw request signer ?

farisdurrani commented 3 months ago

"typescript": "^5.5.4"

No, I was not able to make an API call using the raw request signer. See: https://github.com/oracle/oci-typescript-sdk/issues/310#issuecomment-2269191644.

Again, it is important to note using the CLI, both on the identity-domains CLI and raw request API, works fine.

jyotisaini commented 3 months ago

@farisdurrani I meant to ask the version of OCI typescript SDK (oci-sdk)

farisdurrani commented 3 months ago

Yes, I've put that info at the end of my original post