401s during low network connectivity with rails api using devise-token-auth - ruby-on-rails

I have a Rails API using devise-token-auth. Recently I was on really spotty/slow Wifi and I noticed I was getting 401's from my app. My theory is that the refreshing auth token is either being lost or delayed by the bad network. That being said, I'm having a hard time reproducing the bug itself.
Three primary questions:
Could a spotty Wifi/network connection lead to 401s, due to loss or delay of the new auth-token? And if this is the case, is there a way to recover without needing the user to log back in?
How to reproduce such an environment, so I can debug this scenario.

I was able to reproduce it by delaying the server response using a debugger. In my case, this happens when I enable the change_headers_on_each_request config, so when the response that carries the new tokens fails, the next responses throw a 401 code.
I recently sent an issue to the gem explaining this and asking how I can handle this situation on the frontend.
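
The failure described in the answer above, as an added example that is not part of the original post and not devise-token-auth's own code: a simplified Ruby model of per-request token rotation in which one response is lost. The class names, the `grace` parameter and the timestamps are assumptions made for illustration.

```ruby
# Simplified model of per-request token rotation (constructed for illustration;
# not devise_token_auth's implementation).
require "securerandom"

class RotatingTokenServer
  attr_reader :current

  # grace: seconds during which the previous token is still accepted (0 = strict).
  def initialize(grace: 0)
    @grace = grace
    @current = SecureRandom.hex(8)
    @previous = nil
    @rotated_at = nil
  end

  # Returns [status, token_for_client]. A request with the current token rotates it.
  def handle(token, now)
    in_grace = !@previous.nil? && token == @previous && (now - @rotated_at) < @grace
    return [401, nil] unless token == @current || in_grace
    if token == @current
      @previous, @current, @rotated_at = @current, SecureRandom.hex(8), now
    end
    [200, @current] # a client inside the grace window is handed the current token
  end
end

class Client
  def initialize(token)
    @token = token
  end

  # deliver: false models a response that never reaches the client.
  def request(server, now, deliver: true)
    status, new_token = server.handle(@token, now)
    return :lost unless deliver
    @token = new_token if status == 200
    status
  end
end

# Four requests one second apart; the response to the second one is lost.
def run_scenario(grace:)
  server = RotatingTokenServer.new(grace: grace)
  client = Client.new(server.current)
  [client.request(server, 0),
   client.request(server, 1, deliver: false),
   client.request(server, 2),
   client.request(server, 3)]
end
```

With `grace: 0` the client is locked out after the lost response; with a short grace window it resynchronises on the next request. The window is also the period during which a captured previous token can be replayed, so it should stay as short as the network conditions allow.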

Related

Stripe Exception double rendering using stripe gem

I am using the Stripe gem in my Rails application. It's working fine in the development environment, but in my production environment I am getting an exception.
Stripe::APIError: (Status 409) with message There is currently another in-progress request using this Idempotent Key (that probably means you submitted twice, and the other request is still going through).
How can I rescue this or handle this exception?
Any help would be appreciated.
The retry logic is supposed to be for when your application doesn't know Stripe's response, primarily during network issues like timeouts. In this case your server received a response from Stripe and one of two things could be happening. Either you're retrying the same event that is currently in progress /or/ the event in progress is actually different than the one you're trying but given some issue in your application stack you actually chose the same idempotency token for two API requests.
For further details please read this link: https://stripe.com/docs/api/idempotent_requests

Rails logging failure, or client-side issues?

I support a Rails 4 app used for remote project reporting. One of the team insists that she used the tool on several occasions to report her data, double-checked it to ensure it had been entered properly, then later discovered it was all gone. I found evidence of her authentication (Devise gem) in the production logs, but no trace of her reporting activity--not even the GET requests that would be necessary to begin her work.
Is it even possible for Rails to suppress logging events in this manner, when they are working for every other user?
If it is not possible, does it suggest that the claim is unreliable? (trust me, I'm not pre-assuming this)
Unfortunately, the user is no longer involved in the project and is not responding to requests. Also, the absence of necessary POST events is borne out by a client-facing logging feature as well.
Rails logs all requests the moment a GET hits the server, before authentication happens. It is most improbable that logged requests by a single user can be suppressed, unless the default middleware stack is modified.
I'd go with Occam's Razor.

Losing Authentication Details (ClaimsIdentity)

I have an application with claims based authentication and recently I have been having an issue where at random I lose authentication. The application usually gets its Identity, Claims information from System.Security.Claims.ClaimsIdentity and it authorizes fine. For some reason after clicking around different pages I lose authentication and it seems to be looking in System.Security.Claims.WindowsIdentity and it exits with a null exception as there is now no more authorization information. I am also using IdentityServerV3. I apologise for the lack of specific technical data but was wondering if anyone has ever had this issue. There is no specific time that this does this after as I first thought it might be expiring. It happens very randomly. I have included screen grabs:
This was when I was authorized
and this was 10 seconds later
If you need any further information let me know and thanks in advance!
I had a similar issue, losing authentication randomly, caused by three reasons I can remember:
1) multiple threading - code was executed by a different thread that doesn't have identity context
2) cookie size exceeded browser limit - authentication cookie gets chunked when passed back to the server
3) identity server hosted in multiple instances and identity server configured to store token in memory.
Regarding your case, my gut feeling, which might be a complete red herring, is 1): the thread executing your code 10 sec later is under a different identity context. I would suggest first trying to verify whether any path of your code can be run by multiple threads; in the meantime, check the Thinktecture log, which can be found in the output window if you are using the default logging provider, to see if there is anything suspicious.
Hope it helps

How to make sure that timed out request was not carried out? ios

Hey I'm developing an iOS application which communicates with an external web service in order to make various kinds of requests.
I'm aware of Murphy's Law "Anything that can go wrong, will go wrong" and that made me think about timeouts. Currently my application does not handle the situation when a request gets completed and times out simultaneously. How should I handle such situations?
Without cooperation from the service provider there's not a lot you can do. If your app sees a timeout it cannot from that deduce whether the request actually completed or not. Could be it worked and something in the infrastructure failed to deliver the response, could be that it failed and hence you saw no timely response.
You have some actions you can take that will help the user. I assume that you have available to you the details of the request you attempted to send, your app should keep that locally. You are now in a position to do some useful things:
Some service authors allow you to safely submit the same request twice. So just resubmit, if it previously worked the service will just say "yep, already done that, here's the details", if not it will just do the work as normal.
Some service authors allow you to query the status of previous request, so you can determine what has been done and what has not.
In some cases there is no IT system way to deal with the problem, the user will need to contact a help desk or call centre. Here having the details of what was previously attempted can be very useful.
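
The "safely submit the same request twice" option above, and the in-progress 409 discussed in the Stripe answer earlier on this page, as one added example that is not part of either original post: a toy in-memory service with idempotency keys. The class, key strings, the 400 status for a key/parameter mismatch and the sample order are constructed for illustration and are not Stripe's API.

```ruby
# Toy in-memory payment service with idempotency keys (constructed model,
# not Stripe's API or any real provider's behaviour).
class PaymentService
  attr_reader :charges

  def initialize
    @requests = {} # idempotency key => { state:, params:, response: }
    @charges = []
  end

  # Returns [status, body]. The optional block runs while the request is
  # in flight, so the demo can inject a concurrent duplicate submission.
  def charge(key, params)
    entry = @requests[key]
    if entry
      return [409, "another request with this key is in progress"] if entry[:state] == :in_progress
      return [400, "key reused with different parameters"] if entry[:params] != params
      return entry[:response] # completed earlier: replay the result, no new charge
    end
    @requests[key] = { state: :in_progress, params: params }
    yield if block_given?
    @charges << params
    response = [200, "charge no. #{@charges.size}"]
    @requests[key].update(state: :done, response: response)
    response
  end
end

def demo
  svc = PaymentService.new
  order = { order_id: 42, amount: 1000 } # constructed sample input
  key = "order-42-charge"                # one key per logical operation
  duplicate = nil
  # Double submit: the same key arrives again while the first call is in flight.
  first = svc.charge(key, order) { duplicate = svc.charge(key, order) }
  # Client timed out and never saw `first`; it retries with the SAME key.
  retried = svc.charge(key, order)
  after_retry = svc.charges.size
  # Mistake: generating a fresh key per attempt defeats the protection.
  svc.charge("order-42-charge-attempt-2", order)
  { first: first[0], duplicate: duplicate[0], retry_replayed: retried == first,
    charges_after_retry: after_retry, charges_after_fresh_key: svc.charges.size }
end
```

A 409 on an in-flight key is therefore a signal to wait and retry with the same key, not to generate a new one.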

Twitter4j: getting inconsistent authentication errors when invoking getFollowersIDs

I am using Twitter4j version 3.0.3.
I am trying to pull follower id and using OAuth. I have been using Twitter4j for years and am relatively experienced with the framework.
However something strange is happening: My program will run fine and then intermittently throw the following stack trace:
Exception in thread "main" 401:Authentication credentials (https://dev.twitter.com/pages/auth) were missing or incorrect. Ensure that you have set valid consumer key/secret, access token/secret, and the system clock is in sync.
{"request":"\/1.1\/followers\/ids.json?user_id=20801287&cursor=-1&include_entities=1&include_rts=1","error":"Not authorized"}
Relevant discussions can be found on the Internet at:
http://www.google.co.jp/search?q=92c30ec6 or
http://www.google.co.jp/search?q=19400604
TwitterException{exceptionCode=[92c30ec6-19400604], statusCode=401, message=null, code=-1, retryAfter=-1, rateLimitStatus=RateLimitStatusJSONImpl{remaining=6, limit=15, resetTimeInSeconds=1362898120, secondsUntilReset=890}, version=3.0.3}
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:177)
at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61)
at twitter4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:89)
at twitter4j.TwitterImpl.get(TwitterImpl.java:1817)
at twitter4j.TwitterImpl.getFollowersIDs(TwitterImpl.java:400)
It throws the above at the following line:
IDs ids= twitter.getFollowersIDs(id,cursor);
The above line executes just fine and then without warning fails.
Note: I am checking rate limits and the last time I encountered this the rate limit JSON object pulled by the following line was (below):
RateLimitStatus rls=twitter.getRateLimitStatus().get("/followers/ids");
RateLimitStatusJSONImpl{remaining=7, limit=15, resetTimeInSeconds=1362898120, secondsUntilReset=890}
I thought this might have been an intermittent thing with Twitter, but it has been going on for a few days now.
I've tried it from various machines but get exactly the same problem.
The call fails in this manner, once in approximately 20 calls.
I have also read the similar questions on SE:
Twitter4j 401 Authentication -- However, this is a case where OAuth was not working -- in my case it seems to be working fine until of course when it doesn't.
twitter4j: getting credential errors even though i had set them? -- again not much here that is similar to my case.
Problem in Oauth with twitter4j -- suggests registering the app as a web-app, which I've done, I've filled in the callback URL (though it does nothing), but still no luck.
The exception seems to be caused by ids of twitter profiles that may be private.
