wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

refresh token broken since upgrade of APIM (4.0.0 to 4.1.0) and IS extensions (1.2.10 to 1.4.2) #13584

Open Piscenois opened 2 years ago

Piscenois commented 2 years ago

Describe the issue:

When calling refresh token we get this error:

ERROR {org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/oauth2].[OAuth2Endpoints]} - Servlet.service() for servlet [OAuth2Endpoints] in context with path [/oauth2] threw exception org.apache.cxf.interceptor.Fault: 'java.sql.Timestamp org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO.getAccessTokenIssuedTime()'
        at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
        at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
        at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:296)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:215)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:271)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:128)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:107)
        at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:92)
        at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
        at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:102)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
        at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
        at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:126)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NoSuchMethodError: 'java.sql.Timestamp org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO.getAccessTokenIssuedTime()'
        at org.wso2.is.notification.ApimOauthEventInterceptor.onPostTokenRenewal(ApimOauthEventInterceptor.java:207)
        at org.wso2.carbon.identity.data.publisher.oauth.OAuthInterceptorHandlerProxy.onPostTokenRenewal(OAuthInterceptorHandlerProxy.java:113)
        at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.triggerPostListeners(AccessTokenIssuer.java:493)
        at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:327)
        at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:257)
        at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:297)
        at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:122)
        at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:109)
        at jdk.internal.reflect.GeneratedMethodAccessor324.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
        ... 57 more

How to reproduce:

Create an access token (JWT). Send a refresh token request.

Expected behavior:

No error and token refreshed.

Piscenois commented 2 years ago

IS 5.11.0 uses wso2-extensions/identity-inbound-auth-oauth version 6.4.111. In this version the class RefreshTokenValidationDataDO doesn't contain the getAccessTokenIssuedTime method.
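
To check the observation above against a given bundle jar, here is an added example (not part of the original comment and not WSO2 code). It reads the class file straight from the jar and reports whether the method with the descriptor from the stack trace is declared; the jar path and class name are supplied by the caller.

```python
import io
import struct
import zipfile

# Bytes following the tag for each non-Utf8 constant-pool entry (JVM class-file format).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def declared_methods(class_bytes):
    """Return the (name, descriptor) pairs declared in a .class file (inherited ones are not listed)."""
    buf = io.BytesIO(class_bytes)
    u2 = lambda: struct.unpack(">H", buf.read(2))[0]
    u4 = lambda: struct.unpack(">I", buf.read(4))[0]
    if u4() != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    buf.read(4)  # minor + major version
    utf8, i, count = {}, 1, u2()
    while i < count:
        tag = buf.read(1)[0]
        if tag == 1:  # CONSTANT_Utf8 holds names and descriptors
            utf8[i] = buf.read(u2()).decode("utf-8", "replace")
        else:
            buf.read(CP_SIZES[tag])
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    buf.read(6)  # access_flags, this_class, super_class
    buf.read(2 * u2())  # interfaces
    def members():
        found = set()
        for _ in range(u2()):
            buf.read(2)  # access_flags
            found.add((utf8[u2()], utf8[u2()]))
            for _ in range(u2()):  # skip attributes (code, annotations, ...)
                buf.read(2)
                buf.read(u4())
        return found
    members()  # fields come first in the file; discard them
    return members()

def jar_has_method(jar, class_name, name, descriptor):
    """True if class_name inside the jar declares a method with this name and descriptor."""
    entry = class_name.replace(".", "/") + ".class"
    with zipfile.ZipFile(jar) as zf:
        return (name, descriptor) in declared_methods(zf.read(entry))

if __name__ == "__main__":
    import sys
    # Usage: script.py <bundle.jar> org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO
    jar_path, cls = sys.argv[1:3]
    # Descriptor taken from the NoSuchMethodError: no arguments, returns java.sql.Timestamp.
    print(jar_has_method(jar_path, cls, "getAccessTokenIssuedTime", "()Ljava/sql/Timestamp;"))
```
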

Piscenois commented 1 year ago

Up !

totolook commented 1 year ago

Please UP!

mdelaat commented 1 year ago

+ 1 !!

mdelaat commented 1 year ago

I tried going back to IS5.10, which uses wso2-extensions/identity-inbound-auth-oauth version 6.4.2, but I'm seeing exactly the same problem there.

So it seems that there is some component in IS which depends on a more recent version of RefreshTokenValidationDataDO (like the latest one).

Anyone know a workaround for this?

Piscenois commented 1 year ago

Yes.

  1. Clone https://github.com/wso2-extensions/identity-inbound-auth-oauth v6.4.11.x branch/tag
  2. Apply this: https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/1733
  3. Build
  4. Enjoy ! 😉

LilanJay commented 3 months ago

Hi @Piscenois After building the jar file, did you replace it with the existing one inside repository/plugins? I'm having trouble during the startup after I replace the jar file. The following error appears in the log and the IS fails to start.

ERROR {org.wso2.carbon.tomcat.internal.CarbonTomcat} - error while parsing xml stream org.xml.sax.SAXParseException; lineNumber: 37; columnNumber: 93; Error at line [37] column [93]: [org.wso2.carbon.identity.auth.valve.AuthenticationValve] Caused by: java.lang.ClassNotFoundException org.wso2.carbon.identity.auth.valve.AuthenticationValve