stratos
stratos copied to clipboard
cloudfoundry
Improve "We've been having trouble communicating with" error for endpoints with expired tokens
Frontend Deployment type
- [X] Cloud Foundry Application (cf push)
- [ ] Kubernetes, using a helm chart
- [ ] Docker, using docker compose
- [ ] Docker, single container deploying all components
- [ ] npm run start
- [ ] Other (please specify below)
Backend (Jet Stream) Deployment type
- [X] Cloud Foundry Application (cf push)
- [ ] Kubernetes, using a helm chart
- [ ] Docker, using docker compose
- [ ] Docker, single container deploying all components
- [ ] Other (please specify below)
Details
We have a stratos deployment with 4 endpoints. We are using SSO_LOGIN=true to sign into all those endpoints. If I connect to all the endpoints then wait for the refresh tokens to expire for them all, when I next log into stratos I get the error:
We've been having trouble communicating with {endpoint} - You may be seeing out-of-date information.
To resolve this issue the user needs to go into the endpoints tab, disconnect, then connect to the endpoint again. This is a confusing things for users. First of all the error message makes it sound like Endpoint is down where all they need to do is re-login. Second the endpoints view shows to user is connected to that endpoint even though their token has expired. It is un-intuitive for them to disconnect then connect again.
Expected behaviour
-
Stratos showed the user an error message informing them that their authorization token has expired for the listed endpoints with perhaps a link to the endpoints tab to reconnect?
-
In the endpoints view don't show endpoints with expired refresh tokens as "Connected". Instead show them as disconnected so it is obvious to the user they need to connect again.
Actual behaviour
User gets a confusing error message that makes them think the Endpoints listed are down. And to fix it they need to disconnect and connect again to all their endpoints. More work than would otherwise be necessary.
Steps to reproduce the behavior
- Deploy stratos with SSO_LOGIN=true.
- Connect stratos to 2 endpoints using SSO.
- Wait for refresh tokens to expire.
- Try to do something in stratos.
Log output covering before error and any error statements
2018-12-03T10:47:30.25-0700 [APP/PROC/WEB/0] OUT WARN[Mon Dec 3 17:47:30 UTC 2018] <nil>+
2018-12-03T10:47:30.25-0700 [APP/PROC/WEB/0] OUT INFO[Mon Dec 3 17:47:30 UTC 2018] Token refresh request failed: Error: <nil>
2018-12-03T10:47:30.25-0700 [APP/PROC/WEB/0] OUT Status: 401
2018-12-03T10:47:30.25-0700 [APP/PROC/WEB/0] OUT Response: {"error":"invalid_token","error_description":"Invalid refresh token expired at Sat Dec 01 16:59:01 UTC 2018"}
I actually think this issue can be duplicated with a single endpoint as well. As long as that endpoint is connected via SSO.
I have stratos deployed without SSO and I am seeing the same issue. Unregistering and then relogging in seems to resolve it. But not a great user experience though.
I am using the latest stable build as of Feb 6 and am not using SSO and immediately am seeing the same errors. Users are reporting errors as well. Think it may be related to some slowness with our CF CPI which I am digging into.
Hi, any progress made on resolving this issue? We have experienced a similar issue. When the refresh token expired, it does not tell us to re-auth to obtain a new one. Instead, it shows a 500 error for some endpoints, and when we click details ex. application, it will show no application even there are some.
