ory / hydra

The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=hydra
Apache License 2.0

Token introspection can respond `{"active": false}` for a valid token when losing DB connection #3811

Closed konstantin-baidin-y42 closed 2 months ago

konstantin-baidin-y42 commented 3 months ago

Preflight checklist

Ory Network Project

No response

Describe the bug

When Hydra has some problems with the DB connection, it can respond with `{"active": false}` instead of responding with an error status or being unavailable.

Reproducing the bug

I managed to reproduce it in k8s. I requested the hydra introspection endpoint multiple times with a valid token. At the same time, I scaled down the database deployment to 0. At some moment, hydra responded with `{"active": false}` several times, and after that, it stopped responding to requests. When I scaled the DB deployment back to 1, hydra responded with `active: true`.

So, from the client's perspective, Hydra can randomly respond with false negatives. I expect Hydra to return an error status or not respond at all if it cannot access the database.

Relevant log output

No response

Relevant configuration

No response

Version

v2.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response
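The behaviour the report asks for, as an added example that is not Hydra's own code: an introspection handler that maps only a definitive "token not found" from storage to `{"active": false}` (RFC 7662 semantics) and turns every other storage error into an HTTP 503, so a client can tell "this token is invalid" apart from "the server could not check". The names `ErrTokenNotFound`, `memStore`, `Introspect`, `Handler` and `Call` are assumptions for this example, and the `connection refused` string is a constructed stand-in for a real database driver error.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrTokenNotFound is the only error that means "we looked and the token does not exist".
// Any other error from the store means the answer is unknown.
var ErrTokenNotFound = errors.New("token not found")

type Session struct{ Subject, ClientID, Scope string }

type TokenStore interface {
	Lookup(token string) (*Session, error)
}

// memStore is a constructed in-memory store; Unavailable simulates the DB being scaled to 0.
type memStore struct {
	tokens      map[string]*Session
	Unavailable bool
}

func (m *memStore) Lookup(token string) (*Session, error) {
	if m.Unavailable {
		return nil, errors.New("dial tcp: connection refused") // constructed driver error
	}
	s, ok := m.tokens[token]
	if !ok {
		return nil, ErrTokenNotFound
	}
	return s, nil
}

type IntrospectionResponse struct {
	Active   bool   `json:"active"`
	Sub      string `json:"sub,omitempty"`
	ClientID string `json:"client_id,omitempty"`
	Scope    string `json:"scope,omitempty"`
}

// Introspect returns the response body and the HTTP status to send.
// active:false is produced only when storage positively reports the token is absent.
func Introspect(store TokenStore, token string) (IntrospectionResponse, int) {
	sess, err := store.Lookup(token)
	switch {
	case err == nil:
		return IntrospectionResponse{Active: true, Sub: sess.Subject, ClientID: sess.ClientID, Scope: sess.Scope}, http.StatusOK
	case errors.Is(err, ErrTokenNotFound):
		return IntrospectionResponse{Active: false}, http.StatusOK
	default:
		// Storage failure: the token's validity is unknown, so do not emit a false negative.
		return IntrospectionResponse{}, http.StatusServiceUnavailable
	}
}

func Handler(store TokenStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if err := r.ParseForm(); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		resp, status := Introspect(store, r.PostFormValue("token"))
		w.Header().Set("Content-Type", "application/json")
		if status != http.StatusOK {
			w.WriteHeader(status)
			_ = json.NewEncoder(w).Encode(map[string]string{"error": "temporarily_unavailable"})
			return
		}
		_ = json.NewEncoder(w).Encode(resp)
	}
}

// Call issues one introspection request against the handler and decodes the reply.
func Call(store TokenStore, token string) (int, map[string]any) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/oauth2/introspect", strings.NewReader("token="+token))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	Handler(store).ServeHTTP(rec, req)
	var body map[string]any
	_ = json.Unmarshal(rec.Body.Bytes(), &body)
	return rec.Code, body
}

func main() {
	store := &memStore{tokens: map[string]*Session{"ory_at_demo": {Subject: "alice", ClientID: "app", Scope: "openid"}}}
	for _, tok := range []string{"ory_at_demo", "bogus"} {
		code, body := Call(store, tok)
		fmt.Printf("db up,   token=%-12s -> %d %v\n", tok, code, body)
	}
	store.Unavailable = true // DB scaled to 0: valid token must not become active:false
	code, body := Call(store, "ory_at_demo")
	fmt.Printf("db down, token=%-12s -> %d %v\n", "ory_at_demo", code, body)
}
```

On the caller's side the same distinction matters: a relying party should treat a non-200 introspection reply as "indeterminate, retry or fail the request with an error", never as "token revoked", otherwise a transient DB outage is indistinguishable from a genuine revocation in its logs and metrics.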

aeneasr commented 2 months ago

Dupe #3671