macdoor615 created NIFI-10322:
---------------------------------

             Summary: invalid_token error after OpenID connect session timeout
                 Key: NIFI-10322
                 URL: https://issues.apache.org/jira/browse/NIFI-10322
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core UI
    Affects Versions: 1.17.0
            Reporter: macdoor615
             Fix For: 1.18.0
         Attachments: image-2022-08-05-22-48-17-835.png, 
image-2022-08-05-22-48-52-057.png

I followed 
[https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect] to 
configure NIFI 1.16.3 and it works properly. If the session times out, I log in 
again and it works again.

I configured 1.17.0 in the same way. I can log in and operate the NIFI UI. But when 
the session times out, I got the following error.

 
{code:java}
Unauthorized error="invalid_token", error_description="An error occurred while 
attempting to decode the Jwt: Expired JWT", 
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
 

!image-2022-08-05-22-48-17-835.png|width=758,height=108!

I try to log in again and get a new error, and I cannot enter the NIFI interface.

 
{code:java}
Unauthorized error="invalid_token", error_description="An error occurred while 
attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, 
or no matching key(s) found", 
error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"{code}
 

!image-2022-08-05-22-48-52-057.png|width=594,height=143!

I did some research and found the following.

After the session times out, NIFI 1.16.3 leaves 3 cookies in the browser:
 * nifi-logout-request-identifier
 * nifi-oidc-request-identifier
 * __Secure-Request-Token

NIFI 1.17.0 leaves 2 cookies:
 * *__Secure-Authorization-Bearer*
 * __Secure-Request-Token

The __Secure-Authorization-Bearer cookie contains an expired JWT:
{code:java}
eyJraWQiOiJhMDlhZDhlMy0xZDkzLTQyZTEtYjg0Ni0xMWU0ODRkODYwYWYiLCJhbGciOiJQUzUxMiJ9.eyJzdWIiOiJhZG1pbi5uaWZpQGd1bWhiMy5jb20iLCJhdWQiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwibmJmIjoxNjU5NjExOTc0LCJpc3MiOiJodHRwcyUzQSUyRiUyRjM2LjEzMy41NS4xMDAlM0E4OTQzJTJGcmVhbG1zJTJGenpub2RlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ubmlmaUBndW1oYjMuY29tIiwiZXhwIjoxNjU5NjEyMjc0LCJpYXQiOjE2NTk2MTE5NzQsImp0aSI6IjFiZTg5MjU4LTliZmYtNDhmOS04OGNmLWU0NDIzMDZjYzg4ZCJ9.Y9yE0hNH_q-W94_cFWOWGc7TPMP2xB9coaSRPT9twYqSyjTtudOiiXGxHEDUWsOvUFf7lT7wNH4RZ_LhOM-5WfTZ3o-DCVFnl0JjeZ-L9d-z3rO4dEspRxXpr46AewEGy_lpstSUFyihr4i8b2VI7IT0aFOCGAIXRWl7gfH75e5La_0tbsu9lgSRdyYBBv8rSjojJC5bBSqxj-BkrfjdMhyMuF9OdMCJNmyh18BrXbavwftNerytkd_Qf9eNLmzsZ3SOdKWpftKt4kClD_KeL0nOglhM-ENyb4QLwxr7l5lhUgQ-2am3x5okbRyYip_WV4YQ6DfmUnLL1FYFATWXa5CUimSRbSZzkqU2JEYerpvKsTf-prdsSNryPbrQdf5HqpwhlGbFrgm4jwtncZHTLEL4ZMciVe0H-zIcQ9vyDqamMpf6fyNWmQN8DdDP9A0Zpo7SL7yhOUjNGsjk1gV4OAHWgp4XQzj4KwoGf7ICjeOrzinECHFZw9Ccyi8KMooRx4u3oAuKPEx3mrZFNFDaiAzWX0kZ31c24-15cno2bLBMGOIx7ipjb6Pv7V6O9S2aA2vC3eVLnfAgHAox3I8_IzWLUKddHCqd6cfA1XW8ckSgg2QddKvgYHiCZpwVV4AMDpK4bI1J0ZbxbgOOke9IMMudNhZUFQdWJIXh-gx1bII{code}
I manually delete the __Secure-Authorization-Bearer cookie, and I can log in to NIFI 
1.17.0 again.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
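
A triage helper for the stale-cookie state described in the report, as an added example that is not part of the original message or of NiFi's code: it decodes a bearer-cookie JWT without verifying it and lists the reasons a verifier would reject it (expired `exp`, unexpected `alg`, unknown `kid`). The function names, the `known_kids` and `expected_alg` inputs and the sample token are constructed for illustration.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(kid, alg, exp):
    # Constructed sample with a dummy signature; not a token from the report.
    header = b64url_encode(json.dumps({"kid": kid, "alg": alg}).encode())
    claims = b64url_encode(json.dumps({"sub": "user@example.com", "exp": exp}).encode())
    return f"{header}.{claims}.{b64url_encode(b'dummy-signature')}"


def inspect_bearer_cookie(token, known_kids, expected_alg, now=None):
    """Decode (without verifying) a JWT and list reasons a verifier would reject it.

    known_kids and expected_alg are hypothetical inputs describing the
    verifier's current key set; they are not NiFi settings.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return {"status": "malformed", "reasons": ["not a three-part compact JWS"]}
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return {"status": "malformed", "reasons": [f"undecodable segment: {exc}"]}
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return {"status": "malformed", "reasons": ["header or claims is not an object"]}
    reasons = []
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        reasons.append("missing or non-numeric exp claim")
    elif exp <= now:
        reasons.append(f"expired {int(now - exp)} seconds ago")
    if header.get("alg") != expected_alg:
        reasons.append(f"alg {header.get('alg')!r} differs from expected {expected_alg!r}")
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in known_kids:
        reasons.append(f"kid {kid!r} not in current key set")
    return {"status": "rejected" if reasons else "ok", "reasons": reasons}
```

The output is diagnostic only: the signature is never checked, so an "ok" status says nothing about whether the token is authentic.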
