Unauthenticated desc = unable to parse jwt token:Token is expired

diggy · September 30, 2019, 6:25pm

Moved from GitHub ratel/128

Ratel cannot run any operations that require authentication after the ACL access TTL expires.

Steps to reproduce:

Run a Dgraph cluster with a short access TTL:

dgraph alpha ...  --hmac_secret_file ./hmacsecret.txt --acl_access_ttl 3s

Log in as groot in Ratel.
Take a breather for 3 seconds to let the TTL expire.
Try to add a user, which results in this error:

The dev tools network inspector shows the reason for the error for the /mutate request:

{"errors":[{"message":"rpc error: code = Unauthenticated desc = unable to parse jwt token:Token is expired","extensions":{"code":"ErrorInvalidRequest"}}],"data":null}

The refresh token should be used to re-authenticate the client after the TTL has expired.

diggy · September 30, 2019, 6:31pm

danielmai commented :

Another way to reproduce this:

Log in
Periodically click on Refresh Schema in the Schema tab the TTL expires.

Topic		Replies	Views
Refresh expired JWT token for ACL access Dgraph Clients untagged , dgraph-js	2	586	July 11, 2020
JWT Token is expired when using Dgraph with Kubernetes GraphQL area:kubernetes	1	733	September 4, 2020
Docs: Dgraph Increment vs ACL Dgraph status:accepted , kind:bug , ticket:created	1	848	September 2, 2020
Allow overriding the JWKURL expireTime in GraphQL Authorization schema GraphQL	0	469	January 5, 2023
ACL interface becomes blank Ratel kind:bug , ratel	2	381	July 11, 2020

Unauthenticated desc = unable to parse jwt token:Token is expired

Related topics