2

while running the vorto dashboard im getting the following error

       JWT expired, getting new Token Wed Aug 26 2020 07:38:56 GMT+0100 (BST)... StatusCodeError: 401 - 
{"status":401,"error":"gateway:authentication.failed","message":"Multiple authentication 
mechanisms were applicable but none succeeded.","description":"For a successful authentication
 see the following suggestions: { The JSON Web Token is not valid. }, 
{ Please provide a valid JWT in the authorization header prefixed with 'Bearer ' }."

The contents of config.json is as follows

{
  "client_id": "xxxxxxxxxxx",
  "client_secret": "xxxxxxxxxxxx",
  "scope": "xxxxxxxxxx",
  "intervalMS": 10000
}

Tried with setting the contents of config.json as environment variables. Then also im getting same error. Screenshot of web front end on accessing localhost:8080 is attached enter image description here

Tried with the following links Error running Vorto Dashboard for Bosch iot suite. But still its not working. Please help me in solving this issue

  • I think this issue has been formalized [here](https://github.com/eclipse/vorto/issues/2565). – Mena Aug 26 '20 at 09:03
  • @Mena Yeah.. Waiting for its solution... Is there any workaround for this bug. –  Aug 26 '20 at 18:04
  • not that I know of so far unfortunately. It looks more like a change on Things' side since the Vorto dashboard is not often maintained and nothing's changed in there for a while. – Mena Aug 27 '20 at 07:03
  • Note: by "things" I meant more like Suite Auth since what seems to be broken is the authentication process in use. I'm having a look at what the app does vs the most recent documentation, as soon as I can dig it out... – Mena Aug 27 '20 at 07:57
  • I think I have a clue why this is breaking. The token returned by the app's call to `https://access.bosch-iot-suite.com/token` differs from the one you'd get by, e.g. using your OAuth client on `https://accounts.bosch-iot-suite.com/oauth2-clients/`. Chiefly because it does not contain your scopes. That definitely seems to not work with things APIs. I'm going to throw the question around and fish for answers soon. – Mena Aug 27 '20 at 12:22
  • @Mena Thankyou for the effort. Expecting to be resolved soon –  Aug 28 '20 at 09:28

1 Answers1

0

I have discussed the matter internally to Bosch (disclaimer: I am an employee).

After discussing with the Bosch Suite Auth team, here is a summary of what happened.

  • The Suite Auth team recently transitioned from Keycloack to Hydra for their authentication technology
  • The relevant bit here is that previously, the scopes passed to the token request were ignored
  • The Vorto Dashboard app had been passing the wrong key for the scope parameter all along, when requesting a token, but it was ignored
  • Now that this parameter is relevant, the (incorrect) notation was not failing to produce a token, but obtained one that was not suitable to authorize with Bosch IoT Things, because it did not contain the appropriate scope
  • In turn, fixing this key produces a token that successfully authorizes with Bosch IoT Things

If you're in a hurry, you can check out this branch with the fix (it's literally an 8 characters change set).

Otherwise, you can monitor this GitHub ticket for closure - I will close it when the fix is merged to the master branch of the Vorto Examples project.

Mena
  • 47,782
  • 11
  • 87
  • 106