
fix: authentication error from Self-managed logged as SaaS

What does this merge request do and why?

This MR fixes the issue that JWT decode errors caused by self-managed requests are logged as SaaS requests.

See https://log.gprd.gitlab.net/app/r/s/q3B1k, which shows that quite a few requests resulted in a Not enough segments error:

Traceback (most recent call last):
  File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jws.py", line 176, in _load
    signing_input, crypto_segment = jwt.rsplit(b".", 1)
ValueError: not enough values to unpack (expected 2, got 1)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jwt.py", line 142, in decode
    payload = jws.verify(token, key, algorithms, verify=verify_signature)
  File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jws.py", line 70, in verify
    header, payload, signing_input, signature = _load(token)
  File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jws.py", line 180, in _load
    raise JWSError("Not enough segments")
jose.exceptions.JWSError: Not enough segments

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/ai_gateway/auth/providers.py", line 53, in authenticate
    jwt_claims = jwt.decode(
  File "/opt/venv/ai-gateway-9TtSrW0h-py3.10/lib/python3.10/site-packages/jose/jwt.py", line 144, in decode
    raise JWTError(e)
jose.exceptions.JWTError: Not enough segments

This indicates that the JWT is malformed (e.g. a dot is missing); however, the request is logged as if it came from a SaaS instance according to the gitlab_realm field. Example. Just in case, I checked the production log, but couldn't find the corresponding access request via the same correlation ID.

Related: Investigate JWT "Not enough segments" errors (#400 - closed)

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Merge request checklist

  • Tests added for new functionality. If not, please raise an issue to follow up.
  • Documentation added/updated, if needed.
Edited by Tan Le
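
An added example, not code from this merge request or from the AI gateway: one way to build log fields for a failed authentication so that a token with too few segments is recorded with an unknown realm instead of a realm it never carried. The function names, the `realm_source` and `structure_error` fields, the realm value `self-managed`, and the assumption that the realm is carried in a `gitlab_realm` JWT claim are all hypothetical; both tokens are constructed samples.

```python
import base64
import binascii
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample inputs (not taken from the logs above).
SAMPLE_SELF_MANAGED = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(b'{"gitlab_realm":"self-managed"}'),  # claim name is an assumption
    _b64url(b"constructed-signature"),
])
MALFORMED = "constructed-opaque-token-without-dots"


def unverified_claims(token: str) -> dict:
    """Read the payload of a compact JWS WITHOUT verifying it (log context only)."""
    segments = token.split(".")
    if len(segments) != 3:
        # Fewer than three segments is what jose reports as "Not enough segments".
        raise ValueError(f"expected 3 segments, got {len(segments)}")
    payload = segments[1]
    try:
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        claims = json.loads(raw)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"payload is not base64url JSON: {exc}") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def auth_failure_fields(token: str) -> dict:
    """Build log fields for a request whose token failed authentication."""
    try:
        claims = unverified_claims(token)
    except ValueError as exc:
        # Nothing could be read from the token, so the realm is recorded as
        # unknown rather than as any preset value.
        return {"gitlab_realm": "unknown", "realm_source": "none",
                "structure_error": str(exc)}
    realm = claims.get("gitlab_realm")
    return {
        "gitlab_realm": realm if isinstance(realm, str) else "unknown",
        "realm_source": "unverified_claim",  # log context only, never authorization
        "structure_error": None,
    }
```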
