node-vault

missing client token

Open ahmed-ebaid opened this issue 5 years ago • 1 comments

We are trying to use this library for vault (in our case, we are using the enterprise version of vault). However, when trying to perform an LDAP authentication, I keep getting an error message indicating a missing client token. I'd assume that a client token shall be retrieved upon a successful authentication process.

const nodeVault = require('node-vault');

// Note: no token is set in these options
const options = {
    endpoint: '<some-end-point>',
    headers: {
        'Content-Type': 'application/json',
        'x-vault-namespace': '<some-namspace>',
    }
};

const vault = nodeVault(options);
const mountPoint = '<some-mountpoint>';
const username = 'user';
const password = 'pass';

// List the enabled auth methods
vault.auths()
    .then((result) => {
        if (result.hasOwnProperty('ldap/')) {
            // ldap is already mounted, nothing to enable
            console.log('ldap auth already enabled');
            return undefined;
        } else {
            console.log('Enabling Auth');
            return vault.enableAuth({
                mount_point: mountPoint,
                type: 'ldap',
                description: 'ldap auth',
            });
        }

    })
    .then(() => {
        console.log('Attempting a write');
        // return the promise so the chain waits for the write to finish
        return vault.write(`auth/ldap/users/${username}`, {password, policies: 'root'});
    })
    .then(() => {
        console.log('attempting a login');
        // return the promise so the login response reaches console.log below
        return vault.ldapLogin({username, password});
    })
    .then(console.log)
    .catch(err => {
        console.error(err.message);
    });

The output of running the above code is a status code of 400, and a message of missing client token. By providing some random text for token, I get a 403 instead and a permission denied error message. Is this a bug in the library or is this an issue on my side?

ahmed-ebaid Jun 05 '19 17:06

The error "missing token error" is due to a missing "X-Vault-Token" header in the GET request. The problem is that the library attaches such a header only if it's provided in the options object (VaultOptions) (the one with apiVersion and endpoint), like:

{
      apiVersion: "v1",
      endpoint: "vault-server-here",
      token: "**put_the_token_here**"
}

The problem is that for each request a new client must be instantiated in order to pass the token to vault's options. As a workaround, assign a value to the client's token right before the request, since at least in our case we manage only 1 token at a time, so reassigning the token did the job for us.

const vault = NodeVault(nodeVaultOptions);
function getTokenData(token: string) {
        vault.token = token; // quick fix to update the token right before the request
        return vault.tokenLookupSelf(); // the actual request; returns a promise with the lookup result
}

getTokenData(client_token_from_login_response);

BorislavKamenov Oct 13 '19 16:10
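The token flow discussed in this thread, as an added example that is not part of the original posts or of node-vault: the LDAP login call is sent without a token and returns `auth.client_token`, which is then passed with each request instead of being reassigned on a shared client. The helper names, the injected `transport` function and the `fakeVault` stand-in are assumptions made so the code runs offline.

```javascript
// Added illustration: helper names are hypothetical; this is not node-vault's API.
function vaultHeaders(namespace, token) {
  const headers = { 'Content-Type': 'application/json' };
  if (namespace) headers['X-Vault-Namespace'] = namespace;
  if (token) headers['X-Vault-Token'] = token; // omitted when unset -> 400 from Vault
  return headers;
}

// One HTTP API call; the token travels with the call, not on a shared client.
async function vaultRequest(transport, cfg, method, path, { token, body } = {}) {
  const res = await transport({
    method, body,
    url: `${cfg.endpoint}/v1/${path}`,
    headers: vaultHeaders(cfg.namespace, token),
  });
  if (res.status >= 400) {
    const err = new Error((res.body.errors || []).join('; '));
    err.status = res.status;
    throw err;
  }
  return res.body;
}

// Login is the only call here that needs no token: it is what issues one.
async function ldapLogin(transport, cfg, username, password) {
  const path = `auth/ldap/login/${encodeURIComponent(username)}`;
  const out = await vaultRequest(transport, cfg, 'POST', path, { body: { password } });
  return out.auth.client_token;
}

// Constructed stand-in for a Vault server, returning the statuses quoted in the thread.
function fakeVault(issuedToken) {
  return async (req) => {
    if (req.url.includes('/login/')) return { status: 200, body: { auth: { client_token: issuedToken } } };
    const sent = req.headers['X-Vault-Token'];
    if (!sent) return { status: 400, body: { errors: ['missing client token'] } };
    if (sent !== issuedToken) return { status: 403, body: { errors: ['permission denied'] } };
    return { status: 200, body: { data: { policies: ['default'] } } };
  };
}

async function demo() {
  const cfg = { endpoint: 'https://vault.example.invalid', namespace: 'constructed-ns' };
  const t = fakeVault('s.constructed-token');
  const status = (opts) => vaultRequest(t, cfg, 'GET', 'auth/token/lookup-self', opts)
    .then(() => 200, (e) => e.status);
  const token = await ldapLogin(t, cfg, 'user', 'pass');
  return { none: await status({}), wrong: await status({ token: 'random' }), ok: await status({ token }) };
}
```

Passing the token per call keeps concurrent requests made on behalf of different identities from picking up each other's token, which a shared mutable `vault.token` cannot guarantee.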

No activity since 2019; Closing for staleness

aviadhahami Nov 10 '22 16:11