org.mule.module.oauth2.internal.TokenNotFoundException

MuleSoft JIRA | Guillermo Fernandes | 7 months ago

h5. Problem

According to https://tools.ietf.org/html/rfc6749#section-1.5 refresh_token is optional:

{quote}
Refresh tokens are credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires, or to obtain additional access tokens with identical or narrower scope (access tokens may have a shorter lifetime and fewer permissions than authorized by the resource owner). Issuing a refresh token is optional at the discretion of the authorization server. If the authorization server issues a refresh token, it is included when issuing an access token (i.e., step (D) in Figure 1).
{quote}

More detail about this in: https://tools.ietf.org/html/rfc6749#section-5.1

{quote}
Successful Response

The authorization server issues an access token and optional refresh token, and constructs the response by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code:

access_token
  REQUIRED. The access token issued by the authorization server.

token_type
  REQUIRED. The type of the token issued as described in Section 7.1. Value is case insensitive.

expires_in
  RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.

refresh_token
  OPTIONAL. The refresh token, which can be used to obtain new access tokens using the same authorization grant as described in Section 6.

scope
  OPTIONAL, if identical to the scope requested by the client; otherwise, REQUIRED. The scope of the access token as described by Section 3.3.
{quote}

The current implementation of the OAuth2 authorization-code-grant-type always expects to get a refresh_token, so if the OAuth2 server sends only the access_token during a refresh token operation, Mule fails to get the refresh_token with the following exception:

{code}
{"access_token":"xCaZDjEo2Um9T8g3OESpi-rzRYOn1o7x865f425JQVw","token_type":"bearer","expires_in":3599}

ERROR 2016-04-05 10:48:16,000 [[oauth].HTTP_Listener_Configuration.worker.02] org.mule.module.oauth2.internal.TokenResponseProcessor: Could not extract refresh token from token URL. Expressions used to retrieve refresh token was #[regex('.*"refresh_token"[ ]*:[ ]*"([^\"]*)".*')]
ERROR 2016-04-05 10:48:16,038 [[oauth].HTTP_Listener_Configuration.worker.02] org.mule.exception.DefaultMessagingExceptionStrategy:
********************************************************************************
Message : Access token or refresh token were not found from the refresh token oauth call (org.mule.api.MuleRuntimeException). Message payload is of type: BufferInputStream
Code : MULE_ERROR--2
--------------------------------------------------------------------------------
Exception stack is:
1. null (org.mule.module.oauth2.internal.TokenNotFoundException)
  org.mule.module.oauth2.internal.authorizationcode.AutoAuthorizationCodeTokenRequestHandler:230 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/module/oauth2/internal/TokenNotFoundException.html)
2. Access token or refresh token were not found from the refresh token oauth call (org.mule.api.MuleRuntimeException)
  org.mule.module.oauth2.internal.authorizationcode.AutoAuthorizationCodeTokenRequestHandler:290 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/MuleRuntimeException.html)
3. Access token or refresh token were not found from the refresh token oauth call (org.mule.api.MuleRuntimeException). Message payload is of type: BufferInputStream (org.mule.api.MessagingException)
  org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor:32 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/MessagingException.html)
--------------------------------------------------------------------------------
Root Exception stack trace:
org.mule.module.oauth2.internal.TokenNotFoundException
    at org.mule.module.oauth2.internal.authorizationcode.AutoAuthorizationCodeTokenRequestHandler.processTokenUrlResponse(AutoAuthorizationCodeTokenRequestHandler.java:230)
    at org.mule.module.oauth2.internal.authorizationcode.AutoAuthorizationCodeTokenRequestHandler.doRefreshToken(AutoAuthorizationCodeTokenRequestHandler.java:285)
    at org.mule.module.oauth2.internal.authorizationcode.AbstractAuthorizationCodeTokenRequestHandler.refreshToken(AbstractAuthorizationCodeTokenRequestHandler.java:56)
    + 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************
{code}

h5. Proposed Solution

As described in the spec, if there is a refresh_token issued by the OAuth2 server, it should be used for getting new access_tokens; if not, it should fail when the current access_token is no longer valid (after a 401/403 status code and before retrying the request) and an exception of type should be thrown. For instance:

{code}
"Cannot do a refresh token to get a new access token for the default user due to OAuth server did not issued a refresh_token. You would have to re-authenticate the user before trying to execute an operation to the API."
org.mule.module.oauth2.api.RequestAuthenticationException
{code}


Root Cause Analysis

1. org.mule.module.oauth2.internal.TokenNotFoundException

   No message provided

   at org.mule.module.oauth2.internal.authorizationcode.AutoAuthorizationCodeTokenRequestHandler.processTokenUrlResponse()

2. org.mule.module: AbstractAuthorizationCodeTokenRequestHandler.refreshToken (3 frames)
   1. org.mule.module.oauth2.internal.authorizationcode.AutoAuthorizationCodeTokenRequestHandler.processTokenUrlResponse(AutoAuthorizationCodeTokenRequestHandler.java:230)
   2. org.mule.module.oauth2.internal.authorizationcode.AutoAuthorizationCodeTokenRequestHandler.doRefreshToken(AutoAuthorizationCodeTokenRequestHandler.java:285)
   3. org.mule.module.oauth2.internal.authorizationcode.AbstractAuthorizationCodeTokenRequestHandler.refreshToken(AbstractAuthorizationCodeTokenRequestHandler.java:56)
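
The behaviour the issue asks for, as an added Java example that is not Mule's code and not part of the original report: a token response is accepted with only access_token present, and the missing refresh token surfaces as an explicit re-authentication error only when a refresh is actually needed. All class and method names are hypothetical; keeping the previously stored refresh token when a refresh response omits one is an assumption of this sketch.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Added illustration; all class and method names here are hypothetical, not Mule's API.
public class OptionalRefreshTokenDemo {
    // Extracts a string-valued JSON field, modelled on the regex expression in the log above.
    static String field(String body, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(body);
        return m.find() ? m.group(1) : null;
    }

    static class ReauthenticationRequired extends RuntimeException {
        ReauthenticationRequired(String msg) { super(msg); }
    }

    static class TokenState {
        String accessToken;
        String refreshToken; // stays null if the server never issues one (RFC 6749 section 5.1)
        // Applies a token endpoint response: access_token is mandatory, refresh_token is not.
        void apply(String body) {
            String access = field(body, "access_token");
            if (access == null) throw new IllegalStateException("token response has no access_token");
            accessToken = access;
            String refresh = field(body, "refresh_token");
            if (refresh != null) refreshToken = refresh; // replace only when a new one was sent
        }

        // Called after a 401/403 and before retrying: without a refresh token, fail clearly.
        String refreshTokenOrFail() {
            if (refreshToken == null)
                throw new ReauthenticationRequired("No refresh_token was issued; re-authenticate the user");
            return refreshToken;
        }
    }

    public static void main(String[] args) {
        // Constructed sample responses; the token values are placeholders.
        TokenState state = new TokenState();
        state.apply("{\"access_token\":\"A1\",\"token_type\":\"bearer\",\"refresh_token\":\"R1\"}");
        state.apply("{\"access_token\":\"A2\",\"token_type\":\"bearer\",\"expires_in\":3599}");
        System.out.println(state.accessToken + " / " + state.refreshTokenOrFail());
        TokenState noRefresh = new TokenState();
        noRefresh.apply("{\"access_token\":\"A3\",\"token_type\":\"bearer\",\"expires_in\":3599}");
        try {
            noRefresh.refreshTokenOrFail();
        } catch (ReauthenticationRequired e) {
            System.out.println("re-auth needed: " + e.getMessage());
        }
    }
}
```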