Session token not found or invalid #347
Comments
|
Sometime also happens when you restart Leapp. SSO Is marked as green, but if you try to start a session, you get Session token not found or invalid |
|
I can confirm. The same reappeared for me also some days ago. |
|
And perhaps if you do a logout/login again it will work as expected? |
|
Most of the time this helps but is not a great UX. |
Yes, it does. It's the only way i have to start using again. |
|
Agree with @hoegertn, this is not the best UX possible, I think this is still a bug |
|
@ericvilla informed me that this is pertinent info: I also run into this every once in a while (it's pretty rare), and I have a |
I know, I requested just to try to understand where the problem lies |
|
To test the AWS SSO Integration code, we set a fake expiration 2 minutes after the sign-in; in addition, we set the AWS SSO Sessions rotation to happen every 60 seconds. We used this configuration to force a new login after two minutes; it worked. We need to further investigate the reported issue; any additional info that you can provide is critical for us during the debugging phase. Please, let us know if there is any other context information that is missing in the GitHub Issue description (e.g. in-app operations, AWS SSO integration with external IdPs, etc.). Thanks! |
|
Hello, we use in-app operation, SSO integration is with our AD domain. I don't know which other infos i can provide you. |
|
Hi @remixtj, we weren't able to reproduce the error, even by removing network connectivity. To give you the possibility to provide more info to reproduce it, we're going to refactor the logging system to include the stack trace that, as far as now, points to .js file (transpiled version) |
|
Let me know when i can make tests, me and other colleagues are struggling with this issue. |
|
Myself and another team member are also running this. The workaround is just to log out and log into the integration. But also tired of doing this 😆 It seems to happen after leaving a session running for a few hours. In my keychain I have an old We're on MacOS 12.6 and I'm using Leapp 0.15.0. @ericvilla let me know when the more verbose logs are available and how I can retrieve those if this happens again. |
|
I am also having this issue Mac Os 12.5.1 Leapp 0.15.1 Leapp-cli 0.1.23 |
|
Hi everyone, we managed to restrict the portion of code that generated that issue. It seems the accessToken - generated during the AWS SSO OIDC login - expires before the expected 8hrs (as documented by AWS). Therefore, we applied a forced refresh of the accessToken when the getRoleCredentials call fails. In particular, we added an optional forceRefresh parameter to the getAccessToken method. It triggers a new OIDC login flow that, if you are already logged into AWS SSO, requires you to allow the device authorization request. let accessToken = await this.awsIntegrationDelegate.getAccessToken(session.awsSsoConfigurationId, region, portalUrl);
let credentials;
try {
credentials = await this.awsIntegrationDelegate.getRoleCredentials(accessToken, region, roleArn);
} catch (err) {
accessToken = await this.awsIntegrationDelegate.getAccessToken(session.awsSsoConfigurationId, region, portalUrl, true);
credentials = await this.awsIntegrationDelegate.getRoleCredentials(accessToken, region, roleArn);
}Still, we're going to investigate the OIDC device authorization flow, as it is related to an expiration value too. |
|
Hi everyone! We've generated a nightly build that implements the solution described in the last comment. We're going to provide the installation packages link in the 07-leapp-development channel of the TOPS Community. |
|
Hi, I have Leapp 0.24.6 on Mac M1 and still getting this error (AWS SSO). Logging out makes it work again. |
Describe the bug
After a while from the login, i can't start a session on a given accout when using SSO.
Leapp Version
0.15.1 and 0.14.3 (did downgrade to check if problem was persisting)
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A session is started, with no error.
** Logs **
First two lines of logs shows a successful operation. Then the problem appeared.
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: