[
https://issues.apache.org/jira/browse/USERGRID-1319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15608121#comment-15608121
]
Jaskaran commented on USERGRID-1319:
------------------------------------
[~mrusso] - we added the properties you suggested, but the issue is still
occurring when using the client_id & client_secret.
Please note we are using a slightly older version of the Master Branch, from 2
September 2016 (SHA: 9fae8037a4b881e9c13a5a1f23f71dc34e950c40)
The reason for using an older version of the master is due to the issue
mentioned below (Startup fails in Tomcat):
https://mail-archives.apache.org/mod_mbox/usergrid-user/201610.mbox/%3CCADMuE9hpXFfdn4zFL4LrXBPJ_NPW49GLDEMspVXJniPORu6LOw%40mail.gmail.com%3E
Please advise if you need any further inputs or tests or data from my side.
Thanks
> client_id & client_secret Errors (2.2.0)
> ----------------------------------------
>
> Key: USERGRID-1319
> URL: https://issues.apache.org/jira/browse/USERGRID-1319
> Project: Usergrid
> Issue Type: Bug
> Components: Stack
> Affects Versions: 2.2.0
> Environment: OS: Ubuntu 14.04;
> Cassandra version: 2.2.6 (DataStax);
> Elasticsearch version: 1.4.4;
> Tomcat version: 7;
> JDK version: 1.8.0_65 (Oracle);
> Usergrid version: 2.2.0 (Master branch, 2nd Sep, SHA:
> 9fae8037a4b881e9c13a5a1f23f71dc34e950c40)
> Reporter: Jaskaran
> Fix For: 2.2.0
>
>
> We are migrating our application from 1.0.2 to 2.2.0 (Master branch, 2nd
> September, SHA: 9fae8037a4b881e9c13a5a1f23f71dc34e950c40). We have observed a
> new issue (in 2.2.0, Master branch), while using valid client_id &
> client_secret. Below is a sample request and response.
> Request:
> http://<server>/<org>/<app>/users?client_id=<client_id>&client_secret=<client_secret>
> Response:
> Http 401 Unauthorized
> {
> "error": "unauthorized",
> "timestamp": 1475131455582,
> "duration": 0,
> "error_description": "Subject does not have permission to access this
> resource",
> "exception": "org.apache.usergrid.rest.exceptions.SecurityException"
> }
> Notes on the Error and Observations:
> (1) The unauthorised error (with client_id and client_secret) is random (but
> quite frequent) - ‘suddenly’ all Usergrid API calls fail.
> (2) On its own, after some times (few hours), the same call with same
> client_id and client_secret will start working again.
> (3) The problem is NOT related to Loading of the system. It occurs during
> NO-LOAD conditions as well.
> (4) We have tested and ‘not’ observed this issue (with client_id and
> client_secret) with 2.1.0 and 1.0.2 releases.
> (5) Interestingly, the user access tokens (access_token) ‘always’ works with
> 2.2.0 - it is the current workaround we’re using.
> Note, since admin token expires in 7 days - we can not continue using this
> workaround approach (user access_token).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
