homura_left_得得B - hello i am try to use the ref...
hello i am try to use the refresh token to get another JWT ,
the doc said that
"You can use the refresh token to query /auth/refresh and get another JWT. The refresh token is valid for 30 days."
do the query here mean graphql query?
the return response was "DEBUG http://localhost:17170 "GET /auth/refresh HTTP/1.1" 401 47"
i got 401 in doing another python request
my code was like
try:
headers = {
'Authorization': refesh_token,
}
r = session.get("http://localhost:17170/auth/refresh", headers=headers,cookies={"cookie":"123"})
response = r.json() print(f"refresh result - {response}") except Exception as err: logging.error(f"login to lldap err - {err}") return "abc"
response = r.json() print(f"refresh result - {response}") except Exception as err: logging.error(f"login to lldap err - {err}") return "abc"
Solution:Jump to solution
As I said earlier, either in a "refresh-token" header, or in a "refresh_token" cookie
18 Replies
If you enable verbose mode in LLDAP, what logs do you get when trying to send the refresh query?
how do i enable verbose mode ?
Also note that the refresh token is not an
Authorization header, but a refresh-token header. The Authorization header is for the actual JWT
verbose=true in the config, or LLDAP_VERBOSE=true in the env, or --verbose in the CLIi have also try this according to oauth spec
data = {
'grant_type' : 'refresh_token',
'refresh_token' : refesh_token, "client_id": login_username, "client_secret": login_password }
r = session.get("http://localhost:17170/auth/refresh", data=data,cookies={"cookie":"123"})
'refresh_token' : refesh_token, "client_id": login_username, "client_secret": login_password }
r = session.get("http://localhost:17170/auth/refresh", data=data,cookies={"cookie":"123"})
The cookie is not needed (you can actually pass the refresh token as a
refresh_token cookie if you want)
It's not OAuth, so it won't help 🙂 Also, GET queries shouldn't have databut post get 405.., thats why i use get
Right, but that just means the query doesn't accept data
i still figure out how to set to verbose mode,
my docker command was
docker run -p 17170:17170 -p 3890:3890 -v /home/user/Jeff/Software/dev_project/lldap/lldap_data:/data nitnelave/lldap
You can check how to set environment variables for
docker run here: https://docs.docker.com/engine/reference/commandline/run/Docker Documentation
docker run
Learn all there is to know about the docker run command and how to use it in the Docker CLI.
cat lldapconfig.toml
`## Default configuration for Docker.
All the values can be overridden through environment variables, prefixed
with "LLDAP". For instance, "ldap_port" can be overridden with the
"LLDAP_LDAP_PORT" variable.
Tune the logging to be more verbose by setting this to be true.
You can set it with the LLDAP_VERBOSE environment variable."
verbose=true`
i already have it enabled but it seems have nothing return in the log
When quoting code/logs, make sure to wrap it in triple back-quotes: "``"
My guess is that your docker run command doesn't put the config file in a place that LLDAP can find it. I would either recommend to use docker compose (there's an example in the readme) or if you still want to use docker run, use environment variables to set the verbose mode
HTTP request [ 12.9µs | 100.00% ] method: "POST" | uri: "/auth/refresh"
2023-10-13T09:58:14.560054474+00:00 DEBUG ┕━ 🐛 [debug]: | status_code: 405
`
data = {
'grant_type' : 'refresh_token','refresh_token' : refesh_token,
}
r = session.post("http://localhost:17170/auth/refresh", data=data,cookies={"cookie":"123"})
` i have try refresh-token is not accepted,
As we talked about earlier, it should be a get, and without data
ok where should i pass the refresh token?
Solution
As I said earlier, either in a "refresh-token" header, or in a "refresh_token" cookie
thanks you!