vardius/go-api-boilerplate

request-access-token - oauth2: cannot fetch token: 404 Not Found/400 bad request

mar1n3r0 opened this issue · 5 comments

DEBUG: [EventBus|Subscribe]: user.AccessTokenWasRequested {"id":"f610c09b-d7c6-4311-9573-cd841dd4a819","email":"example3@example.com"}
2019/12/27 16:43:57.982291 DEBUG: [EventBus|Subscribe]: user.AccessTokenWasRequested {"id":"f610c09b-d7c6-4311-9573-cd841dd4a819","email":"example3@example.com"}
2019/12/27 16:43:57 [EventHandler] {"id":"f610c09b-d7c6-4311-9573-cd841dd4a819","email":"example3@example.com"}
2019/12/27 16:43:57.991235 DEBUG: [EventBus|Subscribe]: user.AccessTokenWasRequested {"id":"f610c09b-d7c6-4311-9573-cd841dd4a819","email":"example3@example.com"}
2019/12/27 16:43:58 [EventHandler] Error: oauth2: cannot fetch token: 404 Not Found
Response: 404 page not found

That was fixed by #43 (Add /v1 prefix to oauth2Config).

The next one happening is:

user_logs:

2019/12/31 20:44:40.629628 DEBUG: [EventBus|Publish]: user.AccessTokenWasRequested {"id":"d53836de-23d2-45a6-abb0-87f5abea8a2f","metadata":{"type":"user.AccessTokenWasRequested","stream_id":"00000000-0000-0000-0000-000000000000","stream_name":"user.User","stream_version":0,"occurred_at":"2019-12-31T20:44:40.628333849Z"},"payload":{"id":"00000000-0000-0000-0000-000000000000","email":""}}
2019/12/31 20:44:40.645071 INFO: [Request|End]: 7d0d9965-6268-45d7-9ceb-79e98b284ee6 : (0) : POST /v1/dispatch/request-user-access-token -> 172.17.0.8:45394 (23.73608ms)
2019/12/31 20:44:40.646782 DEBUG: [EventBus|Subscribe]: user.AccessTokenWasRequested {"id":"00000000-0000-0000-0000-000000000000","email":""}
2019/12/31 20:44:40 [EventHandler] {"id":"00000000-0000-0000-0000-000000000000","email":""}
2019/12/31 20:44:40 [EventHandler] Error: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed"}

auth_logs:

2019/12/31 20:57:15.329019 ERROR: oAuth2 Server response error: invalid_client
&{invalid_client 0 Client authentication failed  401 map[]}
2019/12/31 20:57:15.331306 INFO: [Request|End]: 4a8f5593-ba15-444e-844e-6a7c381bedd1 : (0) : POST /v1/token -> 172.17.0.15:56618 (5.698101ms)
2019/12/31 20:57:15.332723 INFO: [Request|Start]: 490cbe9b-dd4c-43de-92eb-5abbb59cea66 : (0) : POST /v1/token -> 172.17.0.15:56618
2019/12/31 20:57:15.333062 ERROR: oAuth2 Server response error: invalid_request
&{invalid_request 0 The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed  400 map[]}

Error: oauth2: cannot fetch token: 400 Bad Request

I suspect this happens because the email address is missing in the event payload:

2019/12/31 20:44:40 [EventHandler] {"id":"00000000-0000-0000-0000-000000000000","email":""}

Which is incorrect and should not happen; this should be fixed, and on top of that we should probably add validation for the data.

That should fix it: #45

I will try to add validation once all is merged. What do you think about using this package?
ozzo-validation

Edit: I noticed that we use realms, which are currently being replaced in favor of scopes; we could also include that in the list of improvements.
scopes

P.S. Sorry for carrying all those old commits into the PR again; I am still trying to find my way around the best approach to keep it decoupled and progressing at the same time.

Because we are using the CQRS pattern, the way I think validation should be done is for value objects to validate incoming data.

So technically for example here:

```go
// ChangeEmailAddress command
type ChangeEmailAddress struct {
	ID    uuid.UUID `json:"id"`
	Email string    `json:"email"`
}
```

each property should be a value object (VO) that validates the data:

```go
// ChangeEmailAddress command
type ChangeEmailAddress struct {
	ID    uuid.UUID `json:"id"`
	Email vo.Email  `json:"email"`
}
```

This way you ensure that data passed to the events always conforms to the rules. I don't mind having a different validation system that we could, for example, use in our VOs.

But anyway, let's first fix/merge the current open PRs and then we will consider other features.
Scopes are a good idea. I am not sure, but I don't think we should need to do much here; it should work out of the box with the current oauth2 implementation.
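To make the value-object idea concrete, here is an added example (not code from vardius/go-api-boilerplate or from either commenter) of a ChangeEmailAddress command whose fields validate themselves while the JSON payload is decoded. The `ID` and `Email` types, `NewID`/`NewEmail`, and `DecodeChangeEmailAddress` are assumed names for this example; the sample payloads are constructed, one of them with the same shape as the zero-value payload in the user_logs above. Because the fields are unexported, the only way to obtain a non-zero `ID` or `Email` is through a validated constructor, so an all-zero UUID or an empty email cannot reach an event.

```go
// Added example, not project code. Value objects that validate on construction
// and on JSON decoding, so a payload like
// {"id":"00000000-0000-0000-0000-000000000000","email":""} is rejected
// before a command handler can publish an event from it.
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// nilUUID is the all-zero UUID seen in the log; a real command must never carry it.
const nilUUID = "00000000-0000-0000-0000-000000000000"

var uuidRe = regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)

// ID wraps a UUID string (hypothetical vo.ID). The unexported field means the
// only ways to get a non-zero ID are NewID and JSON decoding, both validated.
type ID struct{ value string }

func NewID(s string) (ID, error) {
	s = strings.ToLower(strings.TrimSpace(s))
	if !uuidRe.MatchString(s) {
		return ID{}, fmt.Errorf("id: %q is not a UUID", s)
	}
	if s == nilUUID {
		return ID{}, errors.New("id: nil UUID is not allowed")
	}
	return ID{value: s}, nil
}

func (id ID) String() string                { return id.value }
func (id ID) IsZero() bool                  { return id.value == "" }
func (id ID) MarshalJSON() ([]byte, error)  { return json.Marshal(id.value) }
func (id *ID) UnmarshalJSON(b []byte) error { return unmarshalVia(b, NewID, id) }

// Email wraps a validated bare address (hypothetical vo.Email).
type Email struct{ value string }

func NewEmail(s string) (Email, error) {
	if s == "" {
		return Email{}, errors.New("email: must not be empty")
	}
	addr, err := mail.ParseAddress(s)
	// addr.Address != s rejects display-name forms such as "Bob <bob@example.com>".
	if err != nil || addr.Address != s {
		return Email{}, fmt.Errorf("email: %q is not a bare address", s)
	}
	return Email{value: s}, nil
}

func (e Email) String() string                { return e.value }
func (e Email) IsZero() bool                  { return e.value == "" }
func (e Email) MarshalJSON() ([]byte, error)  { return json.Marshal(e.value) }
func (e *Email) UnmarshalJSON(b []byte) error { return unmarshalVia(b, NewEmail, e) }

// unmarshalVia decodes a JSON string and routes it through the VO constructor,
// so decoding can never produce a value the constructor would have refused.
func unmarshalVia[T any](b []byte, ctor func(string) (T, error), dst *T) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return err
	}
	v, err := ctor(s)
	if err != nil {
		return err
	}
	*dst = v
	return nil
}

// ChangeEmailAddress command built from value objects.
type ChangeEmailAddress struct {
	ID    ID    `json:"id"`
	Email Email `json:"email"`
}

// DecodeChangeEmailAddress parses a request body into a validated command.
func DecodeChangeEmailAddress(payload []byte) (ChangeEmailAddress, error) {
	var c ChangeEmailAddress
	dec := json.NewDecoder(bytes.NewReader(payload))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&c); err != nil {
		return ChangeEmailAddress{}, err
	}
	// UnmarshalJSON only runs for keys that are present; an absent key leaves
	// the zero value, so required fields still need an explicit presence check.
	if c.ID.IsZero() {
		return ChangeEmailAddress{}, errors.New("id: missing")
	}
	if c.Email.IsZero() {
		return ChangeEmailAddress{}, errors.New("email: missing")
	}
	return c, nil
}

func main() {
	// Constructed payloads: a good one, the zero-value shape from the log, a missing key.
	for _, p := range []string{
		`{"id":"f610c09b-d7c6-4311-9573-cd841dd4a819","email":"example3@example.com"}`,
		`{"id":"00000000-0000-0000-0000-000000000000","email":""}`,
		`{"id":"f610c09b-d7c6-4311-9573-cd841dd4a819"}`,
	} {
		c, err := DecodeChangeEmailAddress([]byte(p))
		fmt.Printf("%s -> id=%s email=%s err=%v\n", p, c.ID, c.Email, err)
	}
}
```

The presence check in `DecodeChangeEmailAddress` is the part that is easy to forget: a custom `UnmarshalJSON` never sees a key that is absent from the payload, so a VO alone does not protect against a missing field, only against a present but invalid one.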

> Error: oauth2: cannot fetch token: 400 Bad Request
>
> I suspect this happens because the email address is missing in the event payload:
>
> 2019/12/31 20:44:40 [EventHandler] {"id":"00000000-0000-0000-0000-000000000000","email":""}
>
> Which is incorrect and should not happen; this should be fixed, and on top of that we should probably add validation for the data.

For reference, this issue happened due to the aggregate root containing invalid state: after the code was fixed, the invalid state remained, causing the app to break.

Works after merging #44 on a fresh cluster setup.