owncloud / ocis

ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0

Can't Upload files because of failed access token verification #10654

Open mitexleo opened 7 hours ago

mitexleo commented 7 hours ago

Describe the bug

Uploading files to ownCloud via web and mobile apps is failing intermittently. The logs indicate an authentication error due to an expired access token.

Steps to reproduce

  1. Deploy ownCloud using the provided Docker Compose configuration.
  2. Import the realm and clients from the official deployment examples into Keycloak.
  3. Attempt to upload multiple files (e.g., 122 files) via the web app.
  4. Observe the logs for any errors.

Expected behavior

All files should be uploaded successfully without any authentication errors.

Actual behavior

Out of the 122 files I attempted to upload, 76 failed with the following error in the logs:

```
2024-11-25T12:27:49Z ERR failed to authenticate the request | service=proxy error=failed to verify access token: token is expired by 25.94039174s authenticator=oidc path=/remote.php/dav/files/admin/
```

Setup

The server was started using the following Docker Compose configuration:

```yaml
ocis:
  image: owncloud/ocis:5
  user: 1280:1280
  ports:
    - 9500:9200
  entrypoint:
    - /bin/sh
  command: ["-c", "ocis init || true; ocis server"]
  environment:
    OCIS_URL: https://cloud.yourdomain.com
    OCIS_LOG_LEVEL: error
    PROXY_TLS: false
    OCIS_INSECURE: false
    PROXY_ENABLE_BASIC_AUTH: false
    SETTINGS_GRPC_ADDR: 0.0.0.0:9191
    GATEWAY_GRPC_ADDR: 0.0.0.0:9142
    NOTIFICATIONS_SMTP_HOST: ""
    NOTIFICATIONS_SMTP_PORT: "465"
    NOTIFICATIONS_SMTP_SENDER: ""
    NOTIFICATIONS_SMTP_USERNAME: "contact@yourdomain.com"
    NOTIFICATIONS_SMTP_PASSWORD: ""
    NOTIFICATIONS_SMTP_AUTHENTICATION: "LOGIN"
    NOTIFICATIONS_SMTP_INSECURE: "false"
    STORAGE_USERS_DATA_GATEWAY_URL: http://ocis:9200/data
    THUMBNAILS_FILESYSTEMSTORAGE_ROOT: /var/lib/ocis-thumbnails
    STORAGE_USERS_DRIVER: s3ng
    STORAGE_SYSTEM_DRIVER: ocis
    STORAGE_USERS_S3NG_ENDPOINT: "https://s3.eu-central-003.backblazeb2.com"
    STORAGE_USERS_S3NG_REGION: "eu-central-003"
    STORAGE_USERS_S3NG_ACCESS_KEY: ""
    STORAGE_USERS_S3NG_SECRET_KEY: ""
    STORAGE_USERS_S3NG_BUCKET: ""
    PROXY_AUTOPROVISION_ACCOUNTS: true
    PROXY_ROLE_ASSIGNMENT_DRIVER: oidc
    OCIS_OIDC_ISSUER: https://auth.yourdomain.com/realms/R1
    PROXY_OIDC_REWRITE_WELLKNOWN: true
    GRAPH_USERNAME_MATCH: none
    GRAPH_ASSIGN_DEFAULT_USER_ROLE: false
    OCIS_EXCLUDE_RUN_SERVICES: idp
    PROXY_USER_CS3_CLAIM: username
    WEB_OIDC_CLIENT_ID: ocis
    PROXY_USER_OIDC_CLAIM: preferred_username
  volumes:
    - /root/owncloud/ocis-config:/etc/ocis
    - /root/owncloud/ocis-data:/var/lib/ocis
    - /root/owncloud/thumbnails:/var/lib/ocis-thumbnails
  logging:
    driver: "local"
  restart: always
```

Additional context

micbar commented 7 hours ago

Can you please check in the browser console, if the web client has some errors during token renewals?

It fetches new tokens from the /token endpoint of your idp.

mitexleo commented 7 hours ago

> Can you please check in the browser console, if the web client has some errors during token renewals?
>
> It fetches new tokens from the /token endpoint of your idp.

This is what I have in console. The issue got fixed after setting client_max_body_size to 0:

[Image: Screenshot_20241125-220455_Kiwi Browser]

I'm yet to test on the mobile app.

micbar commented 7 hours ago

Where does the limitation come from? Your reverse proxy?

mitexleo commented 7 hours ago

> Where does the limitation come from? Your reverse proxy?

Yeah!
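
A triage helper for proxy log lines like the one in the report, added here as an example (it is not code from oCIS or from anyone in this thread): it extracts the `token is expired by …` duration from each rejection and reports, per request path, how many requests were rejected and how far past expiry the tokens were. The sample log is constructed (its first line is the one quoted in the report, the others are made up in the same layout), and `Summarize` and `Stats` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Constructed sample: line 1 is the one quoted in the report, the rest are made up in the same layout.
const sampleLog = `2024-11-25T12:27:49Z ERR failed to authenticate the request | service=proxy error=failed to verify access token: token is expired by 25.94039174s authenticator=oidc path=/remote.php/dav/files/admin/
2024-11-25T12:27:51Z ERR failed to authenticate the request | service=proxy error=failed to verify access token: token is expired by 1m3.5s authenticator=oidc path=/remote.php/dav/files/admin/
2024-11-25T12:28:02Z INF unrelated line | service=proxy
`

// expiredRe captures the Go-formatted overrun duration and the request path.
var expiredRe = regexp.MustCompile(`token is expired by (\S+) authenticator=\S+ path=(\S+)`)

// Stats summarises the expired-token rejections seen for one path.
type Stats struct {
	Count    int
	Min, Max time.Duration // smallest and largest "expired by" value
}

// Summarize groups expired-token rejections in the log text by request path.
func Summarize(log string) map[string]Stats {
	out := map[string]Stats{}
	for _, m := range expiredRe.FindAllStringSubmatch(log, -1) {
		d, err := time.ParseDuration(m[1]) // accepts "25.9s", "1m3.5s", "2h0m1s"
		if err != nil {
			continue // malformed duration: skip rather than guess
		}
		s := out[m[2]]
		if s.Count == 0 || d < s.Min {
			s.Min = d
		}
		if d > s.Max {
			s.Max = d
		}
		s.Count++
		out[m[2]] = s
	}
	return out
}

func main() {
	for path, s := range Summarize(sampleLog) {
		fmt.Printf("%s rejected=%d min=%s max=%s\n", path, s.Count, s.Min, s.Max)
	}
}
```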