Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: specify the correct audience when getting an Optimize auth token #185

Merged
merged 1 commit into from
Jun 12, 2024
Merged

fix: specify the correct audience when getting an Optimize auth token #185

merged 1 commit into from
Jun 12, 2024

Conversation

pepopowitz
Copy link
Contributor

Originally reported by @SamanthaHolstine in Camunda internal Slack.

This PR corrects the audience argument for getting an auth token from the OptimizeApiClient.

The OptimizeApiClient was passing the OPERATE audience, instead of OPTIMIZE. This was resulting in any request to an authorized Optimize endpoint failing, with a 401 Unauthorized response.

I confirmed with a local reproduction that changing to OPTIMIZE fixes the issue. I didn't find an existing place to put a test; let me know if I overlooked something, or if you have suggestions on how I can include a test for this behavior.

Note also that I made this commit with the --no-verify flag, because I could not get unit tests passing locally, seemingly unrelated to my change. See below for the tests that consistently failed for me, maybe you have some suggestions about what I'm missing for those tests to pass.

 FAIL  src/__tests__/oauth/OAuthProvider.unit.spec.ts (22.853 s)
  ● Console

    console.log
      audience=token&client_id=clientId6&client_secret=clientSecret&grant_type=client_credentials

      at IncomingMessage.<anonymous> (src/__tests__/oauth/OAuthProvider.unit.spec.ts:225:15)

    console.log
      audience=token&client_id=clientId6&client_secret=clientSecret&grant_type=client_credentials

      at IncomingMessage.<anonymous> (src/__tests__/oauth/OAuthProvider.unit.spec.ts:225:15)

    console.log
      Server running on port 3033

      at Server.<anonymous> (src/__tests__/oauth/OAuthProvider.unit.spec.ts:597:12)

  ● OAuthProvider › Uses form encoding for request

    thrown: "Exceeded timeout of 10000 ms for a test while waiting for `done()` to be called.
    Add a timeout value to this test to increase the timeout, if this is a long-running test. See https://jestjs.io/docs/api#testname-fn-timeout."

      249 |     })
      250 |
    > 251 |     it('Uses form encoding for request', (done) => {
          |     ^
      252 |             const serverPort3001 = 3001
      253 |             const o = new OAuthProvider({
      254 |                     config: {

      at src/__tests__/oauth/OAuthProvider.unit.spec.ts:251:2
      at Object.<anonymous> (src/__tests__/oauth/OAuthProvider.unit.spec.ts:37:1)

  ● OAuthProvider › Uses a custom audience for an Operate token, if one is configured

    thrown: "Exceeded timeout of 10000 ms for a test while waiting for `done()` to be called.
    Add a timeout value to this test to increase the timeout, if this is a long-running test. See https://jestjs.io/docs/api#testname-fn-timeout."

      286 |     })
      287 |
    > 288 |     it('Uses a custom audience for an Operate token, if one is configured', (done) => {
          |     ^
      289 |             const serverPort3003 = 3003
      290 |             const o = new OAuthProvider({
      291 |                     config: {

      at src/__tests__/oauth/OAuthProvider.unit.spec.ts:288:2
      at Object.<anonymous> (src/__tests__/oauth/OAuthProvider.unit.spec.ts:37:1)

 FAIL  src/__tests__/zeebe/ZeebeGrpcClient-unmocked.unit.spec.ts (13.386 s)
  ● ZeebeGrpcClient constructor throws an exception when there is no broker and retry is false

    thrown: "Exceeded timeout of 13000 ms for a test.
    Add a timeout value to this test to increase the timeout, if this is a long-running test. See https://jestjs.io/docs/api#testname-fn-timeout."

      18 | jest.setTimeout(13000)
      19 |
    > 20 | test('ZeebeGrpcClient constructor throws an exception when there is no broker and retry is false', async () => {
         | ^
      21 |      const zbc = new ZeebeGrpcClient({
      22 |              config: {
      23 |                      CAMUNDA_OAUTH_DISABLED: true,

      at Object.<anonymous> (src/__tests__/zeebe/ZeebeGrpcClient-unmocked.unit.spec.ts:20:1)

  ● ZeebeGrpcClient constructor throws an exception when there is no broker and retry is false

    expect.assertions(1)

    Expected one assertion to be called but received zero assertion calls.

      28 |              },
      29 |      })
    > 30 |      expect.assertions(1)
         |             ^
      31 |      try {
      32 |              await zbc.deployResource({
      33 |                      processFilename: './src/__tests__/testdata/hello-world.bpmn',

      at Object.<anonymous> (src/__tests__/zeebe/ZeebeGrpcClient-unmocked.unit.spec.ts:30:9)

@pepopowitz pepopowitz requested a review from jwulf June 12, 2024 22:15
jwulf
jwulf approved these changes Jun 12, 2024
View reviewed changes
Copy link
Member

@jwulf jwulf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for finding and fixing this!

@jwulf jwulf merged commit a852281 into alpha Jun 12, 2024
6 of 9 checks passed
jwulf pushed a commit that referenced this pull request Jun 13, 2024
@pepopowitz @jwulf
fix: specify the correct audience when getting an Optimize auth token (
a6a642a 
…#185)

Optimize API calls were not authorized with the correct token audience, leading to a 401 in every case. This is now fixed to use the correct token audience.
github-actions bot pushed a commit that referenced this pull request Jun 13, 2024
@semantic-release-bot
chore(release): 8.6.3 [skip ci]
5074101 
## [8.6.3](v8.6.2...v8.6.3) (2024-06-13)

### Bug Fixes

* specify the correct audience when getting an Optimize auth token ([#185](#185)) ([a852281](a852281))
github-actions bot pushed a commit that referenced this pull request Jun 13, 2024
@semantic-release-bot
chore(release): 8.6.3 [skip ci]
3558998 
## [8.6.3](v8.6.2...v8.6.3) (2024-06-13)

### Bug Fixes

* specify the correct audience when getting an Optimize auth token ([#185](#185)) ([a852281](a852281))
github-actions bot pushed a commit that referenced this pull request Jun 13, 2024
@semantic-release-bot
chore(release): 8.5.8 [skip ci]
b4292db 
## [8.5.8](v8.5.7...v8.5.8) (2024-06-13)

### Bug Fixes

* specify the correct audience when getting an Optimize auth token ([#185](#185)) ([a6a642a](a6a642a))
github-actions bot pushed a commit that referenced this pull request Jun 13, 2024
@semantic-release-bot
chore(release): 8.5.8 [skip ci]
31f9d45 
## [8.5.8](v8.5.7...v8.5.8) (2024-06-13)

### Bug Fixes

* specify the correct audience when getting an Optimize auth token ([#185](#185)) ([a6a642a](a6a642a))
@pepopowitz pepopowitz deleted the pepopowitz/fix-optimize-auth branch June 13, 2024 20:46
dfulgham pushed a commit to dfulgham/camunda-8-js-sdk that referenced this pull request Jul 8, 2024
@semantic-release-bot @dfulgham
chore(release): 8.6.3 [skip ci]
528d9a3 
## [8.6.3](camunda/camunda-8-js-sdk@v8.6.2...v8.6.3) (2024-06-13)

### Bug Fixes

* specify the correct audience when getting an Optimize auth token ([camunda#185](camunda#185)) ([a852281](camunda@a852281))
dfulgham pushed a commit to dfulgham/camunda-8-js-sdk that referenced this pull request Jul 8, 2024
@semantic-release-bot @dfulgham
chore(release): 8.6.3 [skip ci]
031fdad 
## [8.6.3](camunda/camunda-8-js-sdk@v8.6.2...v8.6.3) (2024-06-13)

### Bug Fixes

* specify the correct audience when getting an Optimize auth token ([camunda#185](camunda#185)) ([a852281](camunda@a852281))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwulf jwulf jwulf approved these changes

Assignees

@jwulf jwulf

Labels
None yet
Projects
Developer Experience
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pepopowitz @jwulf