threat-dragon icon indicating copy to clipboard operation
threat-dragon copied to clipboard
verified publisher icon OWASP

Getting 401 on requests after 2 hours

Open yosh-se opened this issue 9 months ago • 3 comments

Describe the bug: It seems like I'm unable to save anything 2 hours after I've logged in on my threat-dragon, through Gitlab.

Expected behaviour: I should be able to work until I logout.

Environment: Self-hosted 2.4.1 in kubernetes.

To Reproduce: Login with Gitlab, open model, wait for two hours, try to save.

Any additional context, screenshots, etc: I believe that Gitlab had tokens that lasted forever before, but has transitioned to a TTL of 2 hours. I don't seem to be able to find any code related to renewing provider tokens, maybe that isn't supported (yet)?

yosh-se avatar Mar 06 '25 12:03 yosh-se

Thanks for the bug report @yosh-se , and it is a difficult problem can you try refreshing to GitLab using a another tab, and see if that now works? Either way, this is something to put in the documentation for sure

jgadsden avatar Mar 06 '25 13:03 jgadsden

I've been fiddling around with it a bit. I think I just wanted to verify that this was the case. I did try to refresh the login in a new tab, but I've had mixed results.

Thanks for the prompt response :)

yosh-se avatar Mar 06 '25 13:03 yosh-se

**@jgadsden @yosh-se

please assign it to me

Possible Solutions for GitLab Token Expiry Issue 1️⃣ Implement Token Renewal – Add logic to refresh GitLab tokens before expiration. 2️⃣ Increase Token TTL – Check GitLab OAuth settings to extend the token lifespan. 3️⃣ Handle Expired Tokens Gracefully – Detect expiration and prompt users to re-authenticate. 4️⃣ Enable Session Persistence – Store and reuse valid tokens without forcing re-login. 5️⃣ Check Kubernetes Logs – Identify if authentication failures are due to token expiration.**

aniket866 avatar Mar 11 '25 09:03 aniket866