Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token Invalid in CubeJS Server after token renew #31019

Closed
freddyDOTCMS opened this issue Dec 27, 2024 · 2 comments · Fixed by #31079
Closed

Token Invalid in CubeJS Server after token renew #31019

freddyDOTCMS opened this issue Dec 27, 2024 · 2 comments · Fixed by #31079
Labels
dotCMS : Analytics Data and Analytics Umbrella QA : Passed Internal Release : 25.01.15 Team : Falcon Type : Defect

Comments

@freddyDOTCMS
Copy link
Contributor

Parent Issue

No response

Problem Statement

When the token expires and is renewed, the Cube.js server returns an 'Invalid Token' error when you attempt to execute a query.

Steps to Reproduce

clientId: 	analytics-customer-customer1
Secret:	 testsecret
Analytics Config URL: 	http://host.docker.internal:8088/c/customer1/cluster1/keys
Analytics Write URL use: 	http://host.docker.internal:8081/api/v1/event
Analytics Read URL use:	 http://host.docker.internal:4001/

Use localhost as domain if you are not using docker

  • Execute the follow request to get CA data

POST
url: {dotcms server}/api/v1/analytics/content/_query
body:

{
    "query": {
        "measures": ["request.count"]
    }
}

You are going to got a 200 HTT COde and the result of this query

  • Wait 5 minutes and hit the Enpoint again

You are going to got 500 Http error and the follow message

{
    "message": "CubeJS Server is not available"
}

If you check the Cubejs Server console you see the follow error


cube                | Internal Server Error: 475d3097-f563-4494-8d92-6ca3d567397f-span-1 (6ms)
cube                | --
cube                | {
cube                |   "measures": [
cube                |     "request.count"
cube                |   ],
cube                |   "offset": 0
cube                | }
cube                | --
cube                | {} 
cube                | Error: No valid token
cube                |     at ApiGateway.queryRewrite (/cube/conf/cube.js:17:19)
cube                |     at /cube/node_modules/@cubejs-backend/api-gateway/src/gateway.ts:1133:38
cube                |     at Array.map (<anonymous>)
cube                |     at ApiGateway.getNormalizedQueries (/cube/node_modules/@cubejs-backend/api-gateway/src/gateway.ts:1130:15)
cube                |     at ApiGateway.load (/cube/node_modules/@cubejs-backend/api-gateway/src/gateway.ts:1595:20)
cube                |     at processTicksAndRejections (node:internal/process/task_queues:95:5)
cube                |     at /cube/node_modules/@cubejs-backend/api-gateway/src/gateway.ts:247:7

Acceptance Criteria

After the token expired it must be renew automatically and you should be able to execute any query in the CubeJS Server

dotCMS Version

latest

Proposed Objective

Core Features

Proposed Priority

Priority 2 - Important

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

No response

Assumptions & Initiation Needs

No response

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response
@freddyDOTCMS freddyDOTCMS moved this from New to Next 1-3 Sprints in dotCMS - Product Planning Dec 27, 2024
victoralfaro-dotcms added a commit that referenced this issue Jan 8, 2025
@victoralfaro-dotcms
#31019: Using JWT 'expiresIn' field to determine if token is expired …
5d1da28 
…and adding fallback to dotCMS 'ANALYTICS_ACCESSTOKEN_TTL' config value, removing 'Bearer' prefix from Authorization header since CubeJS does not like it and finally setting 'CUBEJS_JWT_ISSUER' env-var at analytics infrastructure docker-compose to 'http://host.docker.internal:61111/realms/dotcms' since most of the times this is run inside a Dcoker container
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 8, 2025

PRs:

@victoralfaro-dotcms victoralfaro-dotcms moved this from Next 1-3 Sprints to In Progress in dotCMS - Product Planning Jan 8, 2025
@victoralfaro-dotcms victoralfaro-dotcms moved this from In Progress to In Review in dotCMS - Product Planning Jan 8, 2025
victoralfaro-dotcms added a commit that referenced this issue Jan 8, 2025
@victoralfaro-dotcms
#31019: Using JWT 'expiresIn' field to determine if token is expired …
6247712 
…and adding fallback to dotCMS 'ANALYTICS_ACCESSTOKEN_TTL' config value, removing 'Bearer' prefix from Authorization header since CubeJS does not like it and finally setting 'CUBEJS_JWT_ISSUER' env-var at analytics infrastructure docker-compose to 'http://host.docker.internal:61111/realms/dotcms' since most of the times this is run inside a Dcoker container
github-merge-queue bot pushed a commit that referenced this issue Jan 8, 2025
@victoralfaro-dotcms
#31019: Fixing CubeJSClient expired access token renewal. (#31079)
1f2c750 
Several fixes to several causes:
- Using JWT `expiresIn` field to determine if token is expired and
adding fallback to dotCMS `ANALYTICS_ACCESSTOKEN_TTL` config value
- Removing `Bearer` prefix from Authorization header since CubeJS does
not like it (or end up ignoring it)
- Finally setting `CUBEJS_JWT_ISSUER` env-var at analytics
infrastructure docker-compose to
'http://host.docker.internal:61111/realms/dotcms' since most of the
times this is run inside a Docker container.
@github-actions github-actions bot mentioned this issue Jan 8, 2025
Merged
@freddyDOTCMS freddyDOTCMS moved this from In Review to Internal QA in dotCMS - Product Planning Jan 10, 2025
@jcastro-dotcms jcastro-dotcms self-assigned this Jan 14, 2025
@jcastro-dotcms
Copy link
Contributor

INTERNAL QA: PASSED ✅

  • Docker image: trunk_27a6ddf

We can run CubeJS queries without issues now. The token is now getting renewed as expected.

@jcastro-dotcms jcastro-dotcms moved this from Internal QA to Done in dotCMS - Product Planning Jan 14, 2025
@dsilvam dsilvam closed this as completed Jan 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dotCMS : Analytics Data and Analytics Umbrella QA : Passed Internal Release : 25.01.15 Team : Falcon Type : Defect
Projects
dotCMS - Product Planning
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#31019: Fixing CubeJSClient expired access token renewal. dotCMS/core
4 participants
@dsilvam @jcastro-dotcms @victoralfaro-dotcms @freddyDOTCMS