okta-sdk-nodejs icon indicating copy to clipboard operation
okta-sdk-nodejs copied to clipboard

Published 20 hours ago verified publisher icon okta

getUser hangs when profile attribute has a large value

Open redbmk opened this issue 6 years ago • 4 comments

When retrieving a profile that contains very large values, the getUser function fails to return. To recreate this, create a custom string attribute (avatar for example). Then set the value to something large - in my case I used a 600kb image converted to a data URI (there are online tools to make this easy, such as https://dopiaza.org/tools/datauri/index.php).

If this is done with user.update() then the next call to getUser for that user will return the right value. However, if the user is not already in cache and needs to be fetched from the API, then getUser will never return.

It's not clear to me yet if this is a problem with the API not returning, or if it's a problem with this node module. When looking at the user's profile in the Okta admin panel, the string is viewable and can be edited. After clearing the value, the getUser function will work again for that user.

redbmk avatar Jun 12 '18 06:06 redbmk

Thanks @redbmk for the report, were you able to determine if this hang is form the API or not? Can you try with Curl or Postman and let us know?

robertjd avatar Jun 12 '18 16:06 robertjd

Looks like it does come back using the raw API, and it includes the full Data URI. It does take over a second, so it's not the fastest thing in the world, but the node module doesn't return at all. If I just get the headers without receiving any data then it's closer to half a second, so a good chunk of that is probably just the download.

$ time curl $ORG_URL/api/v1/users/$USER_ID -H "authorization:  SSWS $API_TOKEN" -s0 > /dev/null

real    0m1.263s
user    0m0.056s
sys     0m0.013s

$ time curl $ORG_URL/api/v1/users/$USER_ID -H "authorization:  SSWS $API_TOKEN" -s0 -I > /dev/null

real    0m0.530s
user    0m0.026s
sys     0m0.009s

If I clear out the data, then the time moves to about half a second with or without the payload:

$ time curl $ORG_URL/api/v1/users/$USER_ID -H "authorization:  SSWS $API_TOKEN" -s0 > /dev/null

real    0m0.479s
user    0m0.019s
sys     0m0.006s

$ time curl $ORG_URL/api/v1/users/$USER_ID -H "authorization:  SSWS $API_TOKEN" -s0 -I > /dev/null

real    0m0.478s
user    0m0.017s
sys     0m0.006s

redbmk avatar Jun 12 '18 18:06 redbmk

Thanks @redbmk , I'm going to triage this for a closer look

robertjd avatar Jun 12 '18 21:06 robertjd

This appears to be caused by Response.clone issue. Short-term workaround is to disable caching or provide .clone()-free cache middleware implementation.

Internal Ref: OKTA-410746

oleksandrpravosudko-okta avatar Jul 09 '21 16:07 oleksandrpravosudko-okta