Error for idp token expire even if IdpSignKeyRefreshEnabled enabled #546

Closed
opened 2025-11-20 05:13:30 -05:00 by saavagebueno · 2 comments
Owner

Originally created by @Fantu on GitHub (Dec 12, 2023).

Hi, I have netbird selfhosted that use idp google, initially after some days always make impossible login until reboot.
After found "IdpSignKeyRefreshEnabled" I enabled it and for long time I not had issue.
Today same issue appaired (at least seems), here latest logs before reboot (after reboot return to work correctly):

infrastructure_files-management-1  | 2023-12-12T09:12:27Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:27Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4056351373: GET /api/users status 401
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1058967340: GET /api/users status 401
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3694887989: GET /api/users status 401
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
infrastructure_files-management-1  | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3769408553: GET /api/groups status 401

I couldn't keep it not working for more in-depth debugging because we needed to use it, let me know if there is any more data I can provide even if the problem is no longer occurring.

Originally created by @Fantu on GitHub (Dec 12, 2023). Hi, I have netbird selfhosted that use idp google, initially after some days always make impossible login until reboot. After found "IdpSignKeyRefreshEnabled" I enabled it and for long time I not had issue. Today same issue appaired (at least seems), here latest logs before reboot (after reboot return to work correctly): ``` infrastructure_files-management-1 | 2023-12-12T09:12:27Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid infrastructure_files-management-1 | 2023-12-12T09:12:27Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4056351373: GET /api/users status 401 infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1058967340: GET /api/users status 401 infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3694887989: GET /api/users status 401 infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/jwtclaims/jwtValidator.go:158: error parsing token: unable to find appropriate key infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/http/middleware/auth_middleware.go:65: Error when validating JWT claims: Error parsing token: unable to find appropriate key infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid infrastructure_files-management-1 | 2023-12-12T09:12:28Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3769408553: GET /api/groups status 401 ``` I couldn't keep it not working for more in-depth debugging because we needed to use it, let me know if there is any more data I can provide even if the problem is no longer occurring.
Author
Owner

@surik commented on GitHub (Dec 12, 2023):

Hi @Fantu for my better understanding I have a few questions. Does the issue persist or just happen once? Does the refresh of the page in the browser help to solve it? Can you specify the versions of management, client, and dashboard you are using?

@surik commented on GitHub (Dec 12, 2023): Hi @Fantu for my better understanding I have a few questions. Does the issue persist or just happen once? Does the refresh of the page in the browser help to solve it? Can you specify the versions of management, client, and dashboard you are using?
Author
Owner

@Fantu commented on GitHub (Dec 12, 2023):

Thanks @surik for reply.
For now is happened once, but should not be happen, or I'm wrong? is not good that still have and when happen users can't login until docker containers restart.
I'm not expert of docker, I don't know if this the correct way to found the container version in use from latest update 2 months ago:

docker images
REPOSITORY              TAG       IMAGE ID       CREATED        SIZE
wiretrustee/dashboard   latest    15f1a26c76e5   2 months ago   126MB
netbirdio/management    latest    83e0862dc03b   2 months ago   157MB
netbirdio/signal        latest    e226c5001c6a   2 months ago   33.1MB
coturn/coturn           latest    d5bb7d7354ee   2 months ago   160MB
netbirdio/management    <none>    cefef30d0c04   3 months ago   156MB
netbirdio/signal        <none>    4d825a416828   3 months ago   33MB
wiretrustee/dashboard   <none>    856d474a14e5   3 months ago   126MB
coturn/coturn           <none>    48088fc70e13   5 months ago   150MB

supposing the "latest" are running I tried with them id:

docker image inspect --format '{{json .}}' "15f1a26c76e5" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels:
...
  "RepoDigests": [
    "wiretrustee/dashboard@sha256:2c9e4120aee0921b93bf7eb1cda120f25f93a62c5aa7510acd5b5a9b94c7ba4b"
  ],
...
    "org.opencontainers.image.url": "https://github.com/netbirdio/dashboard",
    "org.opencontainers.image.version": "v1.17.2"
docker image inspect --format '{{json .}}' "83e0862dc03b" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels: 
...
  "RepoDigests": [
    "netbirdio/management@sha256:205efdaeb0e48b565e60403fd9ed094ff29749a7116d471c04f4e37e17f4c1e1"
  ],
...
    "org.opencontainers.image.title": "netbird",
    "org.opencontainers.image.version": "0.23.9"
docker image inspect --format '{{json .}}' "e226c5001c6a" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels:
...
  "RepoDigests": [
    "netbirdio/signal@sha256:fdca64c3f7da1f7e4bc019d9d3f0928aaa3847cf5940ae51766f652b8371fddd"
  ],
...
    "org.opencontainers.image.title": "netbird",
    "org.opencontainers.image.version": "0.23.9"

If I did wrong can you please tell me the right way please? and probably will be good to add in a docs from useful thing for take data to report for issues.

@Fantu commented on GitHub (Dec 12, 2023): Thanks @surik for reply. For now is happened once, but should not be happen, or I'm wrong? is not good that still have and when happen users can't login until docker containers restart. I'm not expert of docker, I don't know if this the correct way to found the container version in use from latest update 2 months ago: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE wiretrustee/dashboard latest 15f1a26c76e5 2 months ago 126MB netbirdio/management latest 83e0862dc03b 2 months ago 157MB netbirdio/signal latest e226c5001c6a 2 months ago 33.1MB coturn/coturn latest d5bb7d7354ee 2 months ago 160MB netbirdio/management <none> cefef30d0c04 3 months ago 156MB netbirdio/signal <none> 4d825a416828 3 months ago 33MB wiretrustee/dashboard <none> 856d474a14e5 3 months ago 126MB coturn/coturn <none> 48088fc70e13 5 months ago 150MB ``` supposing the "latest" are running I tried with them id: ``` docker image inspect --format '{{json .}}' "15f1a26c76e5" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels: ... "RepoDigests": [ "wiretrustee/dashboard@sha256:2c9e4120aee0921b93bf7eb1cda120f25f93a62c5aa7510acd5b5a9b94c7ba4b" ], ... "org.opencontainers.image.url": "https://github.com/netbirdio/dashboard", "org.opencontainers.image.version": "v1.17.2" ``` ``` docker image inspect --format '{{json .}}' "83e0862dc03b" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels: ... "RepoDigests": [ "netbirdio/management@sha256:205efdaeb0e48b565e60403fd9ed094ff29749a7116d471c04f4e37e17f4c1e1" ], ... "org.opencontainers.image.title": "netbird", "org.opencontainers.image.version": "0.23.9" ``` ``` docker image inspect --format '{{json .}}' "e226c5001c6a" | jq -r '. | {Id: .Id, Digest: .Digest, RepoDigests: .RepoDigests, Labels: ... "RepoDigests": [ "netbirdio/signal@sha256:fdca64c3f7da1f7e4bc019d9d3f0928aaa3847cf5940ae51766f652b8371fddd" ], ... "org.opencontainers.image.title": "netbird", "org.opencontainers.image.version": "0.23.9" ``` If I did wrong can you please tell me the right way please? and probably will be good to add in a docs from useful thing for take data to report for issues.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#546