Hi Usergrid Team,
We are migrating our application from 1.0.2 to 2.2.0 (Master branch, 2nd
September, SHA: 9fae8037a4b881e9c13a5a1f23f71dc34e950c40). We have observed
a new issue (in 2.2.0, Master branch), while using valid client_id &
client_secret. Below is a sample request and response.
*Request:*
http://
<server>/<org>/<app>/users?client_id=<client_id>&client_secret=<client_secret>
*Response:*
Http 401 Unauthorized
{ "error": "unauthorized", "timestamp": 1475131455582, "duration": 0,
"error_description": "Subject does not have permission to access this
resource", "exception":
"org.apache.usergrid.rest.exceptions.SecurityException" }
*Notes on the Error and Observations:*
(1) The unauthorised error (with client_id and client_secret) is random
(but quite frequent) - ‘suddenly’ all Usergrid API calls fail.
(2) On its own, after some times (few hours), the same call with same
client_id and client_secret will start working again.
(3) The problem is NOT related to Loading of the system. It occurs during
NO-LOAD conditions as well.
(4) We have tested and ‘not’ observed this issue (with client_id and
client_secret) with 2.1.0 and 1.0.2 releases.
(5) Interestingly, the user access tokens (access_token) ‘always’ works
with 2.2.0 - it is the current workaround we’re using.
Note, since admin token expires in 7 days - we can not continue using this
workaround approach (user access_token). We have also also opened a JIRA
for this issue:
https://issues.apache.org/jira/browse/USERGRID-1319
Please help.
Thanks
Jaskaran
