API Client 401 status

Hello, i made a very basic client for the NF API, it works without any problem when i run this app locally on my computer.
As soon as i upload to a EC2 in a AWS VPC, i get a 401 error when i try to authenticate/get token.

see


for dump

It’d be best if you could remove your client_secret from that gist. I reached out for some help from a platform api gent - he’s taking a look.

Are you sure the gist copy/pasted properly? It seems to be maybe missing continuation characters? Are you 100% certain that it was copy/pasted properly? (just asking to be sure) We tried it locally and got 401’s locally too which makes us think that it’s a copy/paste problem? If you check things over and feel like it’s not a copy/paste issue - i think you’d be best filing a support case on this one via https://support.netfoundry.io/hc/en-us

No worries, after the paste in gist the client_secret was changed, the one pasted is not valid anymore.

Yes, maybe there’s a paste problem. But this paste is only as debug/log purposes of this ticket.
What im using is a python app that i made, this app works ok when in my computer and get’s the 401 when is uploaded to the EC2.

regards

Ok great news wrt the secret. The content and format looks right and if it works locally but not in AWS I don’t have a good answer as to what might be different but something probably is different between the local and aws env.

i have no explanation :slight_smile: it’s not python related, nothing to do with curl requests (curl on my computer works ok). it’s something with the EC2, but the 401 is on the other end, i dont know.
too late now, will see tomorrow

I think i have an explanation now, taking a guess, not sure (need to wait a few hours to confirm).

the access_token obtained from auth0 has a TTL of 86400, as i’m coding the new app, im constantly requesting new tokens and not storing the obtained one. I believe i requested to many concurrent tokens and that’s why auth0 is telling me ‘no more my friend’

So, ill wait for every requested token expires and modify my code to encrypt and locally store the token to be reused if the app restarts.

API docs shows nothing about a call to force expire or logout.

Sounds like you’re making good progress!
While I’m not aware of any throttling on the Auth0 side, it’s definitely good practice to use the token as long as it’s valid and not request fresh ones unnecessarily.

As for the logout feature: once you have a signed JWT from the authority, there’s no way to invalidate it. However, we have implemented a logout API endpoint to mark the token as invalid.

curl 'https://gateway.production.netfoundry.io/identity/v1/logout' \
-H 'accept: application/json, text/plain, */*' \
-H 'authorization: Bearer ...' \
-H 'content-type: application/json' \
--data-binary '{}' \
--compressed

I’ll create a task for us to update the docs.

Hi! update. Never get out of 401, so what i did was, in the nfconsole deactivate the API key and build a new one. No more 401 with that.
Logout worked ok too!! thanks