Recently , worked on a case where user had challenges in creating a webhook for git
We were hitting an exception stating
400 Bad Request from POST http://identity-service-prelide-sb.cluster.local:8000/csp/gateway/am/api/auth/api-tokens/authorize
When we fill all the information needed to save / create the webhook , we hit above exception. So what's happening in the background . We will find all the information w.r.t this error in codestream logs
--------------------------------------------------------------------------------------------------------------------------
When an API call is made to authorize
--------------------------------------------------------------------------------------------------------------------------
2022-05-24T02:13:15.501Z DEBUG codestream [host='codestream-app-74cd595686-6vxfc' thread='parallel-9' user='' org='' trace='' parent='' span=''] o.s.w.r.f.client.ExchangeFunctions.traceDebug:119 - [4baaf594] HTTP POST http://identity-service.prelude.svc.cluster.local:8000/csp/gateway/am/api/auth/api-tokens/authorize
--------------------------------------------------------------------------------------------------------------------------
This returns a 400 response stating invalid refresh token
--------------------------------------------------------------------------------------------------------------------------
2022-05-24T02:13:15.895Z INFO identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='pool-3-thread-1' user='' org='' trace=''] com.vmware.identity.rest.RestClient.lambda$logRequest$1:74 - POST https://sso.iaas.nz.service.test/SAAS/API/1.0/oauth2/token?grant_type=refresh_token
2022-05-24T02:13:15.916Z ERROR identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='reactor-http-epoll-3' user='' org='' trace=''] c.v.i.c.RestResponseEntityExceptionHandler.logBriefError:213 - Handling bad request exception: java.lang.IllegalArgumentException: REST error received: {
"error": "invalid_grant",
"error_description": "Invalid refresh token: Njg3MDIxNjg2MjI0OmsuDq93TLejOHGxNc0uR5eMuskn"
}, status code: 400 BAD_REQUEST
thrown at com.vmware.identity.common.util.WebClientUtil.handleException:36
2022-05-24T02:13:15.916Z INFO identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='reactor-http-epoll-1' user='' org='' trace=''] reactor.netty.http.server.AccessLog.info:270 - 10.244.0.76 - - [24/May/2022:02:13:15 +0000] "POST /csp/gateway/am/api/auth/api-tokens/authorize HTTP/1.1" 400 303 8080 414 ms
--------------------------------------------------------------------------------------------------------------------------
After exception in identity-service, codestream throws the same exception
--------------------------------------------------------------------------------------------------------------------------
2022-05-24T02:13:15.916Z DEBUG codestream [host='codestream-app-74cd595686-6vxfc' thread='reactor-http-epoll-12' user='' org='' trace='' parent='' span=''] o.s.w.r.f.client.ExchangeFunctions.traceDebug:119 - [4baaf594] [166c65f5-1] Response 400 BAD_REQUEST
2022-05-24T02:13:15.918Z INFO codestream [host='codestream-app-74cd595686-6vxfc' thread='reactor-http-epoll-10' user='' org='' trace='' parent='' span='] reactor.netty.http.server.AccessLog.info:270 - 10.244.0.63 - - [24/May/2022:02:13:15 +0000] "POST /codestream/api/git-webhooks HTTP/1.1" 400 330 8000 438 ms
The reason for exception is that there is a section called API Token in WebHooks. This API token is the refresh token generated from vRA
This token has to be valid
Once this was changed and a valid token was provided , we were able to save the webhook or create it.
One more method to verify if the token is expired is through the API response
The Expires HTTP header contains the date/time after which the response is considered expired. Invalid expiration dates with value 0 represent a date in the past and mean that the resource is already expired
Comments