Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic on JWT token refresh #2460

Closed
plorenz opened this issue Oct 1, 2024 · 0 comments
Closed

Panic on JWT token refresh #2460

plorenz opened this issue Oct 1, 2024 · 0 comments
Assignees
@plorenz
Labels
bug Something isn't working controller Issue related to the controller distributed-control Work related to HA/Raft/other distributed control panic describes a code panic

Comments

@plorenz
Copy link
Member

plorenz commented Oct 1, 2024 

[2024-10-01 13:23:00.556]   ERROR github.com/openziti/xweb/v2.(*Server).wrapHandler.(*Server).wrapPanicRecovery.func2.1: panic caught by server handler: runtime error: invalid memory address or nil pointer dereference
goroutine 4727 [running]:
github.com/openziti/foundation/v2/debugz.generateStack(0x2000, 0x0)
        github.com/openziti/foundation/v2@v2.0.48/debugz/stack.go:38 +0x45
github.com/openziti/foundation/v2/debugz.GenerateLocalStack()
        github.com/openziti/foundation/v2@v2.0.48/debugz/stack.go:33 +0x1a
github.com/openziti/xweb/v2.(*Server).wrapHandler.(*Server).wrapPanicRecovery.func2.1()
        github.com/openziti/xweb/v2@v2.1.1/server.go:163 +0x85
panic({0x375adc0?, 0x5c34d20?})
        runtime/panic.go:785 +0x132
github.com/openziti/ziti/controller/oidc_auth.(*HybridStorage).TokenRequestByRefreshToken(0x4329ce8?, {0xc00401c8a0?, 0xc000ce5930?}, {0xc001132aed?, 0xc000ce5930?})
        github.com/openziti/ziti/controller/oidc_auth/storage.go:582 +0x4a
github.com/zitadel/oidc/v2/pkg/op.GetTokenIDAndSubjectFromToken({0x4329ce8, 0xc00401c8a0}, {0x7973e136ed20, 0xc00325dd40}, {0xc001132aed, 0x5b1}, {0xc0023e3950, 0x2e}, 0x0)
        github.com/zitadel/oidc/v2@v2.12.2/pkg/op/token_exchange.go:294 +0x107
github.com/zitadel/oidc/v2/pkg/op.ValidateTokenExchangeRequest({0x4329ce8, 0xc00401c8a0}, 0xc0016ff6b0, {0xc000ce5930, 0x8}, {0xc000ce5930, 0x0}, {0x7973e136ed20, 0xc00325dd40})
        github.com/zitadel/oidc/v2@v2.12.2/pkg/op/token_exchange.go:227 +0x47d
github.com/zitadel/oidc/v2/pkg/op.TokenExchange({0x4327770, 0xc00401c4e0}, 0xc0036ff400, {0x7973e136ed20, 0xc00325dd40})
        github.com/zitadel/oidc/v2@v2.12.2/pkg/op/token_exchange.go:146 +0x22a
github.com/zitadel/oidc/v2/pkg/op.Exchange({0x4327770, 0xc00401c4e0}, 0xc0036ff400, {0x7973e136ed20, 0xc00325dd40})
        github.com/zitadel/oidc/v2@v2.12.2/pkg/op/token_request.go:55 +0x133
github.com/zitadel/oidc/v2/pkg/op.CreateRouter.tokenHandler.func6({0x4327770, 0xc00401c4e0}, 0xc0036ff2c0)
        github.com/zitadel/oidc/v2@v2.12.2/pkg/op/token_request.go:32 +0xe8
net/http.HandlerFunc.ServeHTTP(0x4329ce8?, {0x4327770?, 0xc00401c4e0?}, 0x42e79b8?)
        net/http/server.go:2220 +0x29
github.com/zitadel/oidc/v2/pkg/op.(*IssuerInterceptor).setIssuerCtx(0x140?, {0x4327770, 0xc00401c4e0}, 0xc0036ff180, {0x42fc240, 0xc001ad3488})
        github.com/zitadel/oidc/v2@v2.12.2/pkg/op/context.go:52 +0x15a
github.com/zitadel/oidc/v2/pkg/op.(*IssuerInterceptor).Handler.func1({0x4327770?, 0xc00401c4e0?}, 0xc0036ff180?)
        github.com/zitadel/oidc/v2@v2.12.2/pkg/op/context.go:28 +0x35
net/http.HandlerFunc.ServeHTTP(0xc0029e6c30?, {0x4327770?, 0xc00401c4e0?}, 0xc0036ff180?)
        net/http/server.go:2220 +0x29
github.com/rs/cors.(*Cors).Handler-fm.(*Cors).Handler.func1({0x4327770, 0xc00401c4e0}, 0xc0036ff180)
        github.com/rs/cors@v1.11.0/cors.go:289 +0x184
net/http.HandlerFunc.ServeHTTP(0xc0036ff040?, {0x4327770?, 0xc00401c4e0?}, 0xc001547350?)
        net/http/server.go:2220 +0x29
github.com/gorilla/mux.(*Router).ServeHTTP(0xc00325de00, {0x4327770, 0xc00401c4e0}, 0xc0036fef00)
        github.com/gorilla/mux@v1.8.1/mux.go:212 +0x1e2
github.com/openziti/ziti/controller/oidc_auth.newHttpRouter.StripPrefix.func5({0x4327770, 0xc00401c4e0}, 0xc0036fedc0)
        net/http/server.go:2282 +0x262
net/http.HandlerFunc.ServeHTTP(0xc0036fec80?, {0x4327770?, 0xc00401c4e0?}, 0x21e1ca0?)
        net/http/server.go:2220 +0x29
github.com/gorilla/mux.(*Router).ServeHTTP(0xc00325dc80, {0x4327770, 0xc00401c4e0}, 0xc0036feb40)
        github.com/gorilla/mux@v1.8.1/mux.go:212 +0x1e2
github.com/openziti/ziti/controller/oidc_auth.NewNativeOnlyOP.func1({0x4327770, 0xc00401c4e0}, 0xc0036fe780)
        github.com/openziti/ziti/controller/oidc_auth/provider.go:58 +0x34b
net/http.HandlerFunc.ServeHTTP(0xc00401c420?, {0x4327770?, 0xc00401c4e0?}, 0x273d7d168d?)
        net/http/server.go:2220 +0x29
github.com/gorilla/handlers.(*cors).ServeHTTP(0xc0013359e0, {0x4327770, 0xc00401c4e0}, 0xc0036fe780)
        github.com/gorilla/handlers@v1.5.2/cors.go:54 +0x335
github.com/openziti/ziti/controller/webapis.OidcApiHandler.ServeHTTP(...)
        github.com/openziti/ziti/controller/webapis/oidc-api.go:93
github.com/openziti/xweb/v2.(*IsHandledDemuxFactory).Build.func1({0x4327770, 0xc00401c4e0}, 0xc0036fe640)
        github.com/openziti/xweb/v2@v2.1.1/demux.go:153 +0x1f1
net/http.HandlerFunc.ServeHTTP(0x30?, {0x4327770?, 0xc00401c4e0?}, 0x1555c4b?)
        net/http/server.go:2220 +0x29
github.com/openziti/xweb/v2.(*DemuxHandlerImpl).ServeHTTP(0xc001547970?, {0x4327770?, 0xc00401c4e0?}, 0x42fb2a0?)
        github.com/openziti/xweb/v2@v2.1.1/demux.go:48 +0x26
github.com/openziti/xweb/v2.(*Server).wrapHandler.(*Server).wrapSetCtrlAddressHeader.func1({0x4327770?, 0xc00401c4e0?}, 0x0?)
        github.com/openziti/xweb/v2@v2.1.1/server.go:185 +0xc9
net/http.HandlerFunc.ServeHTTP(0x30?, {0x4327770?, 0xc00401c4e0?}, 0x30?)
        net/http/server.go:2220 +0x29
github.com/openziti/xweb/v2.(*Server).wrapHandler.(*Server).wrapPanicRecovery.func2({0x4327770?, 0xc00401c4e0?}, 0x1?)
        github.com/openziti/xweb/v2@v2.1.1/server.go:167 +0x75
net/http.HandlerFunc.ServeHTTP(0xc003d2efa0?, {0x4327770?, 0xc00401c4e0?}, 0xffffffffffffffff?)
        net/http/server.go:2220 +0x29
github.com/openziti/xweb/v2/middleware.handleGZip({0x43232f8, 0xc0037821c0}, 0xc0036fe640, {0x42fc240, 0xc002c73b20})
        github.com/openziti/xweb/v2@v2.1.1/middleware/compression.go:207 +0x19c
github.com/openziti/xweb/v2.(*Server).wrapHandler.NewCompressionHandler.func3({0x43232f8, 0xc0037821c0}, 0xc0036fe640)
        github.com/openziti/xweb/v2@v2.1.1/middleware/compression.go:88 +0xa5
net/http.HandlerFunc.ServeHTTP(0x1551225?, {0x43232f8?, 0xc0037821c0?}, 0xc003782101?)
        net/http/server.go:2220 +0x29
net/http.serverHandler.ServeHTTP({0x43197f8?}, {0x43232f8?, 0xc0037821c0?}, 0x6?)
        net/http/server.go:3210 +0x8e
net/http.(*conn).serve(0xc001c82c60, {0x4329ce8, 0xc0027442a0})
        net/http/server.go:2092 +0x5d0
created by net/http.(*Server).Serve in goroutine 106
        net/http/server.go:3360 +0x485
@plorenz plorenz self-assigned this Oct 1, 2024
@plorenz plorenz added bug Something isn't working panic describes a code panic controller Issue related to the controller distributed-control Work related to HA/Raft/other distributed control labels Oct 1, 2024
plorenz added a commit that referenced this issue Oct 1, 2024
@plorenz
Fix JWT refresh panic. Fixes #2460
9658033
@plorenz plorenz closed this as completed in b8294a9 Oct 1, 2024
plorenz added a commit that referenced this issue Oct 1, 2024
@plorenz
Merge pull request #2461 from openziti/fix-jwt-refresh-panic
852976e 
Fix JWT refresh panic. Fixes #2460
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@plorenz plorenz

Labels
bug Something isn't working controller Issue related to the controller distributed-control Work related to HA/Raft/other distributed control panic describes a code panic
Projects
Controller HA
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@plorenz