
Api gateway returns 400 error related to authentication token but the backend returned 301 #889

Open
martinsanchezpearltech opened this issue Jun 18, 2024 · 0 comments

Comments

@martinsanchezpearltech

Environment info:

  • KrakenD version: 3
  • Backend technology: .net
  • Additional environment information:

Describe the bug
1. We receive a call on KrakenD.
2. There we validate the token coming from the UI.
3. We generate a client credentials token to call the backend.
4. The backend returns 301 with a URL that works in the browser.
5. KrakenD returns 400 Bad Request with the below error:

InvalidAuthenticationInfo
Authentication information is not given in the correct format. Check the value of Authorization header.
RequestId:09ba3e43-f01e-0058-51b7-c1e59e000000
Time:2024-06-18T19:38:03.8875498Z

Your configuration file:

{
  "version": 3,
  "name": "Invoicing-mx-api-gtw",
  "timeout": "10000ms",
  "cache_ttl": "300s",    
  "port": 8080,    
  "debug_endpoint": true,
  "client_tls": {
    "allow_insecure_connections": true
  },
  "endpoints": [
  {
         "endpoint":"/document/api/v1/Files/{param1}/{param2}/preview",
         "method":"GET",
         "output_encoding":"no-op",
         "input_headers":["*"],
         "input_query_strings":["*"],
         "backend":[
            {
               "encoding": "no-op",
               "url_pattern":"/api/v1/Files/{param1}/",
               "host":["somehost"],
                "extra_config":{
                  "auth/client-credentials": {
                        "client_id":  "someclientid",
                        "client_secret": "somesecret",
                        "token_url": "sometokenurl",
                        "scopes": "somescope"
                    },
                    "modifier/martian": {
                      "fifo.Group": {
                        "scope": ["response"],
                        "modifiers": [
                          {
                            "header.Blacklist": {
                              "scope": ["response"],
                              "names": ["access-control-allow-origin"]
                            }
                          }
                        ]
                    }
                  }
               }
            }
         ],
         "extra_config":{
            "auth/validator":{
               "alg":"RS256",
               "cache":true,
               "jwk_url":"https://login.microsoftonline.com/common/discovery/keys",
               "issuer": "some issuer",
               "audience":[ "some audience" ],
               "roles_key": "roles",
               "roles":  ["some role"],
               "scopes_key": "some scope key",
               "scopes":["some scope"],
               "operation_debug": true
            }
         }
      }

  ],
  "extra_config": {
    "telemetry/logging": {
      "level": "DEBUG",
      "prefix": "[KRAKEND]",
      "syslog": true,
      "stdout": true,
      "format": "default"
      },
      "security/cors": {
      "allow_origins": ["*"],
      "allow_methods": ["PUT","GET","POST","OPTIONS","DELETE","PATCH"],
      "allow_headers": ["DNT","Accept","Accept-Language","Connection","Referer","X-CustomHeader","Sec-Fetch-Dest","Sec-Fetch-Mode","Sec-Fetch-Site","sec-ch-ua","sec-ch-ua-platform","sec-ch-ua-mobile","Keep-Alive","User-Agent","X-Requested-With","If-Modified-Since","Cache-Control","Content-Type","Authorization","x-requested-with","x-signalr-user-agent","etag","x-connection-id","x-api-key","User-DateTime","User-TimeZone"],
      "expose_headers": ["Content-Length","Content-Type"],            
      "max_age": "60m",
      "allow_credentials": true,
      "debug": true
    },
    "router": {
      "return_error_msg":true,
      "disable_redirect_fixed_path":true,
      "auto_options": true,
      "error_body": {
        "404": {
          "message": "Gtw: Page not found",
          "status": 404
        },
        "405": {
          "message": "Gtw: Method not allowed",
          "status": 405
        }
      }
    }
  }
}

Commands used
How did you start the software?

docker buildx build --progress=plain --no-cache -f "my docker file " -t gatewayname:v "source folder"

Expected behavior
I think KrakenD is trying to validate the token again after the redirect response, but as we generated a different token to call the backend, it now has different information than the one validated. I would like to skip this second token validation for the redirect responses.

Logs
2024-06-18 13:37:59 2024/06/18 19:37:59 KRAKEND DEBUG: [CORS] 2024/06/18 19:37:59 Handler: Actual request
2024-06-18 13:37:59
2024-06-18 13:37:59 2024/06/18 19:37:59 KRAKEND DEBUG: [CORS] 2024/06/18 19:37:59 Actual response added headers: map[Access-Control-Allow-Credentials:[true] Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[Content-Length, Content-Type] Vary:[Origin]]
2024-06-18 13:37:59
2024-06-18 13:38:04 [GIN] 2024/06/18 - 19:38:04 | 400 | 4.783303462s | 172.17.0.1 | GET "/my url"

Additional context
The error is not so clear; I had to run everything on my local host to be able to see what was happening.
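The flow in the report (gateway injects a client-credentials token, backend answers 301, the caller sees a 400 complaining about the Authorization header) can be reproduced in isolation with the Go program below. It is an added example, not the reporter's configuration and not KrakenD's code: `bearerTransport` is a hypothetical stand-in that re-adds a bearer token on every round trip, the two `httptest` servers and the `InvalidAuthenticationInfo` reply are constructed, and whether this is the actual mechanism behind the issue is an assumption, not something the report establishes. What it shows from the defender's side: when a gateway client follows the 301 itself, the redirect target receives the gateway's backend token (a token meant for one service reaching another), whereas handing the 301 back to the caller unchanged keeps the token where it belongs and lets the browser, which the report says can open the URL, follow the redirect.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// RedirectProbe records what happened when a gateway-style client called a
// backend that answered with a 301.
type RedirectProbe struct {
	TargetGotAuth bool   // did the redirect target receive an Authorization header?
	FinalStatus   int    // status code the caller ends up with
	Location      string // Location header visible to the caller (only when the 301 is passed through)
}

// bearerTransport is a hypothetical stand-in for a token-injecting transport.
// It sets the header on every RoundTrip, so a redirected request is
// re-authenticated with the same token as the original one.
type bearerTransport struct {
	token string
	base  http.RoundTripper
}

func (t *bearerTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	r2 := r.Clone(r.Context())
	r2.Header.Set("Authorization", "Bearer "+t.token)
	return t.base.RoundTrip(r2)
}

// RunProbe starts two constructed servers: a backend that replies 301 pointing
// at a separate target, and the target itself, which rejects any request that
// carries a bearer token (mimicking the error text quoted in the report).
func RunProbe(followRedirects bool) RedirectProbe {
	var (
		mu    sync.Mutex
		probe RedirectProbe
	)
	target := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "" {
			mu.Lock()
			probe.TargetGotAuth = true
			mu.Unlock()
			http.Error(w, "InvalidAuthenticationInfo (constructed)", http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusOK)
	}))
	defer target.Close()

	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, target.URL+"/preview.pdf", http.StatusMovedPermanently)
	}))
	defer backend.Close()

	client := &http.Client{Transport: &bearerTransport{
		token: "constructed-client-credentials-token",
		base:  http.DefaultTransport,
	}}
	if !followRedirects {
		// Pass-through mode: return the 301 to the caller instead of chasing it.
		client.CheckRedirect = func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		}
	}

	resp, err := client.Get(backend.URL + "/api/v1/Files/1/")
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	mu.Lock()
	probe.FinalStatus = resp.StatusCode
	probe.Location = resp.Header.Get("Location")
	result := probe
	mu.Unlock()
	return result
}

func main() {
	fmt.Printf("following the redirect:  %+v\n", RunProbe(true))
	fmt.Printf("passing the 301 through: %+v\n", RunProbe(false))
}
```

The difference between the two runs is the only thing the gateway controls: with the redirect followed, the target sees the backend token and the caller gets the target's 400; with the 301 passed through, no token leaves the backend hop and the caller receives the 301 plus its Location header.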

@martinsanchezpearltech martinsanchezpearltech changed the title Api gateways return 400 error related to authentication token Api gateway return 400 error related to authentication token but the backend returned 301 Jun 18, 2024
@martinsanchezpearltech martinsanchezpearltech changed the title Api gateway return 400 error related to authentication token but the backend returned 301 Api gateway returns 400 error related to authentication token but the backend returned 301 Jun 18, 2024