Kia ora all, I'm writing a library to integrate one of our services with DSpace 7.6 and I'm having an issue with the REST API that occurs when I run integration tests.
Every so often, a call to the REST API will return an HTTP 401 Unauthorized, despite being logged in as an admin account, the JWT not having expired, and correctly sending the CSRF header and cookie. Looking at the logs, it seems that DSpace is detecting the JWT as invalid. However, the *same* token is used both before and after this point without issue, as shown below: 2023-11-14 11:28:52,796 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username: [email protected] 2023-11-14 11:28:52,864 WARN unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ 0:0:0:0:0:0:0:1 tried to use an expired or non-valid token 2023-11-14 11:28:52,968 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username: [email protected] This occurs even I if I add a check to the /authn/status endpoint to ensure that the client is still authenticated before making each call. The only related oddity I've managed to note in the logs is that the EPerson for the user is mostly blank: 2023-11-14 11:28:52,913 DEBUG unknown 4eb31978-f7fd-414f-851c-a9a0d7071efe org.hibernate.internal.util.EntityPrinter @ org.dspace.eperson.EPerson{handles=<uninitialized>, metadata=<uninitialized>, salt=[redacted], lastActive=2023-11-14 11:28:51.279, sessionSalt*=*, netid=null, resourcePolicies=<uninitialized>, requireCertificate=false, groups=<uninitialized>, digestAlgorithm=SHA-512, selfRegistered=false, canLogIn=true, password=[redacted], legacyId=null, id=41784848-fe6c-4b7e-82db-c81fe3c89f6e, [email protected]} But for other calls it's populated correctly. Ngā mihi nui, Ori -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/544c2a48-a00a-4a0b-95fc-6158d66ac68fn%40googlegroups.com.
