payload icon indicating copy to clipboard operation
payload copied to clipboard
verified publisher icon payloadcms

plugin-cloud expiring S3 credentials

Open denolfe opened this issue 1 year ago • 1 comments

Environment Info

payload: 3.0.0-beta.108
next: 15.0.0-canary.160

Describe the Bug

The internal S3 client within plugin-cloud appears to have an expiring token after a certain amount of time.

Need to investigate how credentials could be getting stale and ensure they are being refreshed accordingly.

This should be addressed in v2 and v3.

Reports are showing the following error:

[12:56:11] ERROR (payload): Error getting file from cloud storage
    err: {
      "type": "S3ServiceException",
      "message": "The provided token has expired.",
      "stack":
          ExpiredToken: The provided token has expired.
              at throwDefaultError (/home/node/app/node_modules/@smithy/smithy-client/dist-cjs/index.js:838:20)
              at /home/node/app/node_modules/@smithy/smithy-client/dist-cjs/index.js:847:5
              at de_CommandError (/home/node/app/node_modules/@aws-sdk/client-s3/dist-cjs/index.js:4756:14)
              at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
              at async /home/node/app/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:20
              at async /home/node/app/node_modules/@aws-sdk/middleware-signing/dist-cjs/index.js:225:18
              at async /home/node/app/node_modules/@smithy/middleware-retry/dist-cjs/index.js:320:38
              at async /home/node/app/node_modules/@aws-sdk/middleware-flexible-checksums/dist-cjs/index.js:173:18
              at async /home/node/app/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:97:20
              at async /home/node/app/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:120:14
      "name": "ExpiredToken",
      "$fault": "client",
      "$metadata": {
        "httpStatusCode": 400,
        "requestId": "6QVCCRS3PJQB4BPR",
        "extendedRequestId": "asdf",
        "attempts": 1,
        "totalRetryDelay": 0
      "$fault": "client",
      },
      "Code": "ExpiredToken",
      "Token-0": "REDACTED",
      "RequestId": "6QVCCRS3PJQB4BPR",
      "HostId": "asdf"
    }

Reproduction Steps

Unclear, consistent recreation steps

Adapters and Plugins

No response

denolfe avatar Sep 25 '24 13:09 denolfe

Hello, just to mention that this seems to be a v2 problem as well. I keep getting this error on my deployed app.

WebsiteFactoryTM avatar Oct 03 '24 10:10 WebsiteFactoryTM

isValid() use in in payload-cloud

isValid() implementation in - amazon-cognito-idenity-js

kendelljoseph avatar Oct 28 '24 15:10 kendelljoseph

PR Opened: https://github.com/payloadcms/payload/pull/8904

kendelljoseph avatar Oct 28 '24 18:10 kendelljoseph

🚀 This is included in version v3.25.0

github-actions[bot] avatar Feb 27 '25 17:02 github-actions[bot]

This issue has been automatically locked. Please open a new issue if this issue persists with any additional detail.

github-actions[bot] avatar Mar 07 '25 05:03 github-actions[bot]