Error messages with status 503 and message temporarily_unavailable when revoking access and refresh tokens sequentially
mih-kopylov opened this issue · 0 comments
mih-kopylov commented
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Cloud project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe the bug
When revoking access and refresh tokens sequentially, Hydra returns HTTP 200 status, but writes an error message to logs on the second call.
As I see it, there are two issues here.
- There should be no error message. The case is not about an error at all, it's just a regular case. It looks more like a debug level to me.
- The error message is totally opaque and therefore useless. The code at https://github.com/ory/fosite/blob/master/handler/oauth2/revocation.go#L89 gets two errors and produces one, hiding the original errors, so there's no way to figure out the root cause of the error. I would suggest keeping the context of the root errors when returning a new one.
Reproducing the bug
- Authorize and get an access_token and refresh_token pair
- Call /oauth2/revoke with access_token
- Call /oauth2/revoke with refresh_token
- Note an error message in logs:
  "error":{"debug":"","message":"temporarily_unavailable","reason":"","status":"Service Unavailable","status_code":503}
Relevant log output
"error":{"debug":"","message":"temporarily_unavailable","reason":"","status":"Service Unavailable","status_code":503}
Relevant configuration
No response
Version
oryd/hydra:v1.11.10
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes
Additional Context
No response
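The two points the report makes (keep the root errors when combining them, and treat an already-revoked token as a routine case rather than an error) as an added Go example. This is not Fosite's or Hydra's code: the in-memory tokenStore, RevocationError and LogLevelFor are constructed for illustration only.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrNotFound is the sentinel the constructed store returns when no token matches.
var ErrNotFound = errors.New("token not found")

// RevocationError keeps both root causes instead of replacing them with a bare
// "temporarily_unavailable", so errors.As can still inspect what actually failed.
type RevocationError struct{ AccessErr, RefreshErr error }

func (e *RevocationError) Error() string {
	return fmt.Sprintf("temporarily_unavailable: access: %v; refresh: %v", e.AccessErr, e.RefreshErr)
}

// tokenStore is a constructed in-memory store keyed by raw token string.
type tokenStore struct{ access, refresh map[string]bool }

func (s *tokenStore) revoke(m map[string]bool, kind, tok string) error {
	if !m[tok] {
		return fmt.Errorf("revoke %s token: %w", kind, ErrNotFound)
	}
	delete(m, tok)
	return nil
}

// RevokeToken tries both stores, like the /oauth2/revoke flow in the report; it
// fails only when both lookups fail, and then returns both causes, not a new one.
func RevokeToken(s *tokenStore, tok string) error {
	errAT := s.revoke(s.access, "access", tok)
	errRT := s.revoke(s.refresh, "refresh", tok)
	if errAT != nil && errRT != nil {
		return &RevocationError{AccessErr: errAT, RefreshErr: errRT}
	}
	return nil
}

// LogLevelFor: an unknown or already-revoked token is routine (RFC 7009 still
// answers 200) and belongs at debug; anything else keeps the error level.
func LogLevelFor(err error) string {
	var re *RevocationError
	if err == nil {
		return "none"
	}
	if errors.As(err, &re) && errors.Is(re.AccessErr, ErrNotFound) && errors.Is(re.RefreshErr, ErrNotFound) {
		return "debug"
	}
	return "error"
}
```

Revoking the same token twice yields a RevocationError whose two wrapped causes are both ErrNotFound, which LogLevelFor maps to debug; a different underlying failure (for example a storage error) still maps to error.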