Comments (13)
Interestingly, I'm hitting the 401 error on my first attempt to log in to the dashboard via Google. Perhaps I have something misconfigured, so let me dive into this a bit deeper and see what I find.
from cumulus.
I spent a bit more time on this and confirmed the behavior you are experiencing. It looks like the internet confirms it as well.
However, that SO post suggests another possible solution: adding a parameter of `prompt` with a value of `consent` to the authorization URL. This will cause authorization with Google to always return a `refreshToken`. The downside is that it will also ask you to re-authorize the app every time you login. I tested this solution locally and it seemed to resolve the issue as well.
There might be some minor annoyance to authorizing the app every time you login via Google, but just to be clear it is not asking you to re-authenticate (re-enter your username/password) every time. You just have to re-click your account name to authorize it for login:
I'm also somewhat hesitant about removing the `refreshToken` as a required field in the schema, because for Earthdata login it is necessary to support automatic session refreshes. So if we removed it as a required field and had some future regression where refreshTokens were not returned for EDL, then session refreshes would ultimately fail, but we wouldn't get the same immediate feedback from the schema failure on login.
I'm inclined towards the `prompt=consent` as the solution here. What do you think?
cc @yjpa7145 - Do you have any thoughts on the preferred solution here?
from cumulus.
yeah, I veered towards the schema solution mostly because I saw it as a bit of a nuisance for the auth prompt every time from a UX perspective. that said, you make a fair argument, especially considering Earthdata is the larger use case here and i wouldn't consider getting prompted again a dealbreaker, especially given that it errors at the moment
another consideration is how oauth providers other than google handle a similar situation, though I'm generally not familiar with the technicalities of the standard. perhaps that could help make an argument one way or another. i can try to dig a little on that if it's a worthwhile consideration
from cumulus.
I'm also somewhat hesitant about removing the `refreshToken` as a required field in the schema, because for Earthdata login it is necessary to support automatic session refreshes. So if we removed it as a required field and had some future regression where refreshTokens were not returned for EDL, then session refreshes would ultimately fail, but we wouldn't get the same immediate feedback from the schema failure on login.
If there are going to be cases where an access token does not have a refresh token, I don't have a problem with making that an optional field. If the concern is that Earthdata Login could change and not send a refresh token back, we could always add an explicit check here:
cumulus/packages/api/lib/EarthdataLogin.js
Lines 143 to 144 in db55cac
from cumulus.
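The two options discussed in the comments above, side by side, as an added example that is not part of the thread and is not Cumulus code: forcing consent on the Google authorization URL, and treating `refreshToken` as optional while checking it explicitly for the provider that depends on it. The function names, the provider labels `google`/`earthdata`, the scope and the `accessToken` field are assumptions made for illustration.

```javascript
// Added example; names are hypothetical, not taken from the Cumulus code base.
const GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// Build the Google authorization URL. access_type=offline requests a refresh
// token; prompt=consent forces the consent screen so a refresh token is issued
// on every login, not only the first time the user authorizes the app.
function buildGoogleAuthUrl({ clientId, redirectUri, state, forceConsent }) {
  const url = new URL(GOOGLE_AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope: 'openid email',
    access_type: 'offline',
    state,
  }).toString();
  if (forceConsent) url.searchParams.set('prompt', 'consent');
  return url.toString();
}

// Providers whose sessions rely on automatic refresh (assumed label).
const REFRESH_REQUIRED = new Set(['earthdata']);

// Validate a token record. accessToken is always required. refreshToken is
// optional in general but checked explicitly for providers that need it, so a
// regression fails at login rather than at the first session refresh.
function validateTokenRecord(provider, record) {
  const errors = [];
  if (typeof record.accessToken !== 'string' || record.accessToken === '') {
    errors.push('accessToken is required');
  }
  const hasRefresh = typeof record.refreshToken === 'string' && record.refreshToken !== '';
  if (record.refreshToken !== undefined && !hasRefresh) {
    errors.push('refreshToken must be a non-empty string when present');
  }
  if (REFRESH_REQUIRED.has(provider) && !hasRefresh) {
    errors.push(`refreshToken is required for ${provider}`);
  }
  return errors;
}

// Constructed sample: a repeat Google login that came back without a refresh token.
const repeatGoogleLogin = { accessToken: 'constructed-access-token' };
```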
@colbyfayock Are you using the Cumulus Dashboard when this is happening?
from cumulus.
@yjpa7145 yup - cumulus dashboard
from cumulus.
OK. I'm fine to go with dropping refreshToken as a required field and adding more strict checks for Earthdata login if necessary.
@colbyfayock - Our integration tests still don't run correctly on forked PRs, which blocks the PR from getting merged. So I'm going to copy your changes into another branch I create, submit a PR from that branch, and close your PR. I'm sorry, I know this is a non-ideal workflow.
from cumulus.
@markdboyd no worries, I saw that part in the contrib guide so was expecting it :) thanks for the heads up
from cumulus.
thanks @markdboyd - any idea when i can expect this in a release available via npm?
from cumulus.
We don't have a release date for the next release yet.
What is your use case for Cumulus? Is this a major blocker for you?
from cumulus.
We're using it for a data processing pipeline. Not a major blocker at the moment.
from cumulus.
@colbyfayock This has been released in 1.11.3
from cumulus.
@laurenfrederick awesome, thanks for the heads up 🙌
from cumulus.