While deploying the new release 1.5.1, we would like to disable the authentification with app.auth: false. At the same time in the user environment at the facility we already have defined BEARER_TOKEN (xcache bearer token):
Looks like with disabled authentification, servicex still tries to pick up wrong token:
ERROR opendataaf-servicex servicex_app Got exception while submitting transformation request
Traceback (most recent call last):
File "/home/servicex/servicex_app/resources/transformation/submit.py", line 145, in post
user = self.get_requesting_user()
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 167, in decorator
verify_jwt_in_request(
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 94, in verify_jwt_in_request
jwt_data, jwt_header, jwt_location = _decode_jwt_from_request(
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 340, in _decode_jwt_from_request
decoded_token = decode_token(encoded_token, csrf_token)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/utils.py", line 128, in decode_token
return jwt_manager._decode_jwt_from_config(encoded_token, csrf_value, allow_expired)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/jwt_manager.py", line 556, in _decode_jwt_from_config
return _decode_jwt(**kwargs, allow_expired=allow_expired)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/tokens.py", line 95, in _decode_jwt
decoded_token = jwt.decode(
File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 211, in decode
decoded = self.decode_complete(
File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 152, in decode_complete
decoded = api_jws.decode_complete(
File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 210, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 304, in _verify_signature
raise InvalidAlgorithmError("The specified alg value is not allowed")
jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed extra: {'requestId': '04c440b6-cf2d-42d1-9799-e46f93378955'}
ERROR opendataaf-servicex servicex_app Got exception while submitting transformation request
Traceback (most recent call last):
File "/home/servicex/servicex_app/resources/transformation/submit.py", line 145, in post
user = self.get_requesting_user()
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 167, in decorator
verify_jwt_in_request(
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 94, in verify_jwt_in_request
jwt_data, jwt_header, jwt_location = _decode_jwt_from_request(
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 340, in _decode_jwt_from_request
decoded_token = decode_token(encoded_token, csrf_token)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/utils.py", line 128, in decode_token
return jwt_manager._decode_jwt_from_config(encoded_token, csrf_value, allow_expired)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/jwt_manager.py", line 556, in _decode_jwt_from_config
return _decode_jwt(**kwargs, allow_expired=allow_expired)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/tokens.py", line 95, in _decode_jwt
decoded_token = jwt.decode(
File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 211, in decode
decoded = self.decode_complete(
File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 152, in decode_complete
decoded = api_jws.decode_complete(
File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 210, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 304, in _verify_signature
raise InvalidAlgorithmError("The specified alg value is not allowed")
jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed extra: {'requestId': '76bc42ee-c5d9-42f5-84a7-5fbf872c2369'}
While deploying the new release 1.5.1, we would like to disable the authentification with
app.auth: false
. At the same time in the user environment at the facility we already have definedBEARER_TOKEN
(xcache bearer token):Looks like with disabled authentification, servicex still tries to pick up wrong token: