Fail to refresh token #238

Open
5 tasks done
Claudiordev opened this issue Jan 7, 2025 · 0 comments
Labels: bug (Something isn't working)

Claudiordev commented Jan 7, 2025

Describe the bug
After the plugin is up and running on the vault instance, when some of the users try to refresh a token, the following error is output in the console:

2025-01-02T11:00:51.452Z [DEBUG] secrets.artifactory.artifactory_7260f7c7.artifactory.artifactory-secrets-plugin_1.8.4: failed to get Viewer role: err="could not get the token: HTTP response Invalid token, signature" func=refreshExpiredAccessToken timestamp=2025-01-02T11:00:51.452Z

They receive an Error 403, permission denied, invalid token or Error 400: missing access token on their side.

This issue is related to the issues #236 and #237.

This instance is configured with the exceptional case of a configuration without an access token:
vault write artifactory/config/admin url=***
vault write artifactory/config/admin use_expiring_tokens=true
vault write artifactory/config/admin default_description="Generated by Vault" max_ttl=14400 default_ttl=3600
vault write artifactory/config/user_token use_expiring_tokens=true
vault write artifactory/config/user_token default_description="Generated by Vault" max_ttl=14400 default_ttl=3600
vault write artifactory/config/user_token scope="applied-permissions/user"
vault write artifactory/config/user_token audience="jfrt@* jfxr@*"

Artifactory version: 7.98.7
Vault version: 1.18.2
Vault plugin version: 1.8.4

To Reproduce
Steps to reproduce the behavior:

  1. Initiate vault instance and configure artifactory plugin on one of the paths as above
  2. Try to get a refresh token by reading the artifactory path for a configured user within vault

Requirements for an issue

  • A description of the bug
  • A fully functioning vault configuration snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue). If this is not supplied, this issue will likely be closed without any effort expended.
  • Your version of artifactory (you can curl it at $host/artifactory/api/system/version)
  • Your version of vault
  • Your version of vault plugin

Expected behavior
Refresh token generated every time the user executes the read command on the path "artifactory/user_token/"

Additional context
It was noticed that this error happened to 2 users, both of whom had 2FA enabled on artifactory, but no further indications that this is related to the issue were discovered.
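
To triage how often this refresh failure occurs and with which error text, the following added example (not part of the issue or of the plugin's code) parses Vault log lines in the layout quoted above and selects failures logged from refreshExpiredAccessToken. The second sample line and all function names are constructed for illustration, and it assumes other log lines follow the same layout as the one quoted.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the log line quoted in the issue,
# line 2 is a made-up unrelated line to show that it is filtered out.
SAMPLE_LOG = '''\
2025-01-02T11:00:51.452Z [DEBUG] secrets.artifactory.artifactory_7260f7c7.artifactory.artifactory-secrets-plugin_1.8.4: failed to get Viewer role: err="could not get the token: HTTP response Invalid token, signature" func=refreshExpiredAccessToken timestamp=2025-01-02T11:00:51.452Z
2025-01-02T11:00:52.000Z [INFO] core: successful mount: path=artifactory/
'''

# "<timestamp> [LEVEL] <logger>: <message and key=value pairs>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[(?P<level>[A-Z]+)\]\s+(?P<logger>[^:\s]+):\s+(?P<rest>.*)$')
# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Split one log line into timestamp, level, logger, message and fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    first = KV_RE.search(rest)
    # The free-text message is everything before the first key=value pair.
    rec["message"] = (rest[:first.start()] if first else rest).rstrip(": ")
    rec["fields"] = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return rec

def refresh_failures(log_text):
    """Return parsed records where the plugin's token refresh reported an error."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and "artifactory-secrets-plugin" in rec["logger"]
                and rec["fields"].get("func") == "refreshExpiredAccessToken"
                and "err" in rec["fields"]):
            # The logger name ends in "_<plugin version>" in the quoted line.
            rec["plugin_version"] = rec["logger"].rsplit("_", 1)[-1]
            hits.append(rec)
    return hits

def summarize(log_text):
    """Count refresh failures per distinct error string."""
    return Counter(r["fields"]["err"] for r in refresh_failures(log_text))

if __name__ == "__main__":
    for err, count in summarize(SAMPLE_LOG).items():
        print(f"{count}x {err}")
```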
