fix: authtication error from Self-managed logged as SaaS
What does this merge request do and why?
This MR fixes that the JWT decode error caused by self-managed requests logged as SaaS requests.
See https://log.gprd.gitlab.net/app/r/s/q3B1k that there are quite a few of requests resulted in Not enough segments
error:
Traceback (most recent call last):
File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jws.py", line 176, in _load
signing_input, crypto_segment = jwt.rsplit(b".", 1)
ValueError: not enough values to unpack (expected 2, got 1)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jwt.py", line 142, in decode
payload = jws.verify(token, key, algorithms, verify=verify_signature)
File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jws.py", line 70, in verify
header, payload, signing_input, signature = _load(token)
File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jws.py", line 180, in _load
raise JWSError("Not enough segments")
jose.exceptions.JWSError: Not enough segments
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/ai_gateway/auth/providers.py", line 53, in authenticate
jwt_claims = jwt.decode(
File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jwt.py", line 144, in decode
raise JWTError(e)
jose.exceptions.JWTError: Not enough segments
This indicates that the JWT is malformed (e.g. dot
is missing), however, the request is logged as it came from saas
instance according to the gitlab_realm
field. Example. Just in case I checked the production log, but couldn't find the corresponding access request via the same correlation ID.
Related Investigate JWT "Not enough segments" errors (#400 - closed)
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Merge request checklist
-
Tests added for new functionality. If not, please raise an issue to follow up. -
Documentation added/updated, if needed.
Edited by Tan Le