Conan occasionally loses authentication with Artifactory remote

Open sharadupadhyaya opened this issue 1 year ago • 3 comments

Describe the bug

I noticed on many occasions that Conan loses authentication with the Artifactory remote. It gets noticed when conan commands fail to find any packages in the remote. I need to re-authenticate using the conan remote login command. This isn't very pleasant for the user and any automation using conan commands.

I presume we only need to authenticate the remote once and then it should stay until local conan cache is deleted.

I am using Conan 2.3.1, but have noticed this issue with older versions of Conan 2 too.

How to reproduce it

No response

sharadupadhyaya avatar May 29 '24 15:05 sharadupadhyaya

Hi @sharadupadhyaya

Conan uses JWT tokens to communicate with the servers. These tokens, by their nature, have an expiry date. I think this is set by default in servers like Artifactory to 1 month, see https://jfrog.com/help/r/artifactory-how-to-refresh-the-conan-cli-access-token/artifactory-how-to-refresh-the-conan-cli-access-token

This is a security mechanism. If you want to increase that time, you can do it via Artifactory configuration properties, but note that the longer the time, the less secure are the tokens.

memsharded avatar May 29 '24 16:05 memsharded
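
An added example, not part of the thread and not Conan or Artifactory code: a pre-flight check that automation could run to read the `exp` claim of a JWT and decide whether to re-authenticate before commands start failing. It assumes the token string is already available to the script (how it is obtained is not shown); the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Good enough to read metadata such as `exp`; never base an
    authorization decision on unverified claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as err:  # covers base64, UTF-8 and JSON decoding errors
        raise ValueError("JWT payload is not base64url-encoded JSON") from err
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def seconds_until_expiry(token: str, now=None):
    """Seconds left before `exp` (negative if expired), None if no `exp`."""
    exp = jwt_claims(token).get("exp")
    if exp is None:
        return None
    return float(exp) - (time.time() if now is None else now)


def needs_relogin(token: str, min_remaining=24 * 3600, now=None) -> bool:
    """True when the token is expired or expires within `min_remaining` s."""
    remaining = seconds_until_expiry(token, now)
    return remaining is not None and remaining < min_remaining


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    now = 1_717_000_000  # fixed clock so the demo is reproducible
    monthly = make_sample_token({"sub": "ci-user", "exp": now + 30 * 24 * 3600})
    almost_gone = make_sample_token({"sub": "ci-user", "exp": now + 3600})
    print(needs_relogin(monthly, now=now), needs_relogin(almost_gone, now=now))
```
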

Got it. Thanks @memsharded

sharadupadhyaya avatar Jun 04 '24 13:06 sharadupadhyaya

Is the above consistent with your experience @sharadupadhyaya, and the tokens are being expired like monthly? If that is the case and this is confirmed, then I think we can close this ticket as resolved.

memsharded avatar Jun 04 '24 14:06 memsharded

Any further feedback here @sharadupadhyaya? Are the tokens expired monthly?

memsharded avatar Sep 04 '24 21:09 memsharded

Yes, the tokens are being expired monthly. I have started using Identity Tokens instead of API Key to authenticate with Artifactory, they expire yearly.

sharadupadhyaya avatar Sep 05 '24 09:09 sharadupadhyaya

Thanks for the feedback. Just please take into account that long-lived tokens are somewhat less secure than short-lived tokens. For sure, the shorter they live the more inconvenient it is, and devs and CI need to auth more often, but it is generally considered safer.

I think this question can be closed as solved, please don't hesitate to create new tickets as necessary.

memsharded avatar Sep 05 '24 09:09 memsharded