Attempt an OAuth2 Refresh on 401 (#3903)
This commit is contained in:
parent
e2fdfd2937
commit
f24c3583fb
|
@ -433,9 +433,7 @@ class Monitor extends BeanModel {
|
||||||
if (this.auth_method === "oauth2-cc") {
|
if (this.auth_method === "oauth2-cc") {
|
||||||
try {
|
try {
|
||||||
if (this.oauthAccessToken === undefined || new Date(this.oauthAccessToken.expires_at * 1000) <= new Date()) {
|
if (this.oauthAccessToken === undefined || new Date(this.oauthAccessToken.expires_at * 1000) <= new Date()) {
|
||||||
log.debug("monitor", `[${this.name}] The oauth access-token undefined or expired. Requesting a new one`);
|
this.oauthAccessToken = await this.makeOidcTokenClientCredentialsRequest();
|
||||||
this.oauthAccessToken = await getOidcTokenClientCredentials(this.oauth_token_url, this.oauth_client_id, this.oauth_client_secret, this.oauth_scopes, this.oauth_auth_method);
|
|
||||||
log.debug("monitor", `[${this.name}] Obtained oauth access-token. Expires at ${new Date(this.oauthAccessToken.expires_at * 1000)}`);
|
|
||||||
}
|
}
|
||||||
oauth2AuthHeader = {
|
oauth2AuthHeader = {
|
||||||
"Authorization": this.oauthAccessToken.token_type + " " + this.oauthAccessToken.access_token,
|
"Authorization": this.oauthAccessToken.token_type + " " + this.oauthAccessToken.access_token,
|
||||||
|
@ -1065,18 +1063,35 @@ class Monitor extends BeanModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
return res;
|
return res;
|
||||||
} catch (e) {
|
} catch (error) {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Make a single attempt to obtain an new access token in the event that
|
||||||
|
* the recent api request failed for authentication purposes
|
||||||
|
*/
|
||||||
|
if (this.auth_method === "oauth2-cc" && error.response.status === 401 && !finalCall) {
|
||||||
|
this.oauthAccessToken = await this.makeOidcTokenClientCredentialsRequest();
|
||||||
|
let oauth2AuthHeader = {
|
||||||
|
"Authorization": this.oauthAccessToken.token_type + " " + this.oauthAccessToken.access_token,
|
||||||
|
};
|
||||||
|
options.headers = { ...(options.headers),
|
||||||
|
...(oauth2AuthHeader)
|
||||||
|
};
|
||||||
|
|
||||||
|
return this.makeAxiosRequest(options, true);
|
||||||
|
}
|
||||||
|
|
||||||
// Fix #2253
|
// Fix #2253
|
||||||
// Read more: https://stackoverflow.com/questions/1759956/curl-error-18-transfer-closed-with-outstanding-read-data-remaining
|
// Read more: https://stackoverflow.com/questions/1759956/curl-error-18-transfer-closed-with-outstanding-read-data-remaining
|
||||||
if (!finalCall && typeof e.message === "string" && e.message.includes("maxContentLength size of -1 exceeded")) {
|
if (!finalCall && typeof error.message === "string" && error.message.includes("maxContentLength size of -1 exceeded")) {
|
||||||
log.debug("monitor", "makeAxiosRequest with gzip");
|
log.debug("monitor", "makeAxiosRequest with gzip");
|
||||||
options.headers["Accept-Encoding"] = "gzip, deflate";
|
options.headers["Accept-Encoding"] = "gzip, deflate";
|
||||||
return this.makeAxiosRequest(options, true);
|
return this.makeAxiosRequest(options, true);
|
||||||
} else {
|
} else {
|
||||||
if (typeof e.message === "string" && e.message.includes("maxContentLength size of -1 exceeded")) {
|
if (typeof error.message === "string" && error.message.includes("maxContentLength size of -1 exceeded")) {
|
||||||
e.message = "response timeout: incomplete response within a interval";
|
error.message = "response timeout: incomplete response within a interval";
|
||||||
}
|
}
|
||||||
throw e;
|
throw error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1579,6 +1594,23 @@ class Monitor extends BeanModel {
|
||||||
const parentActive = await Monitor.isParentActive(parent.id);
|
const parentActive = await Monitor.isParentActive(parent.id);
|
||||||
return parent.active && parentActive;
|
return parent.active && parentActive;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Obtains a new Oidc Token
|
||||||
|
* @returns {Promise<object>} OAuthProvider client
|
||||||
|
*/
|
||||||
|
async makeOidcTokenClientCredentialsRequest() {
|
||||||
|
log.debug("monitor", `[${this.name}] The oauth access-token undefined or expired. Requesting a new token`);
|
||||||
|
const oAuthAccessToken = await getOidcTokenClientCredentials(this.oauth_token_url, this.oauth_client_id, this.oauth_client_secret, this.oauth_scopes, this.oauth_auth_method);
|
||||||
|
if (this.oauthAccessToken?.expires_at) {
|
||||||
|
log.debug("monitor", `[${this.name}] Obtained oauth access-token. Expires at ${new Date(this.oauthAccessToken?.expires_at * 1000)}`);
|
||||||
|
} else {
|
||||||
|
log.debug("monitor", `[${this.name}] Obtained oauth access-token. Time until expiry was not provided`);
|
||||||
|
}
|
||||||
|
|
||||||
|
return oAuthAccessToken;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module.exports = Monitor;
|
module.exports = Monitor;
|
||||||
|
|
Loading…
Reference in New Issue