jfrog
jf atc permanently breaks cli auth generated via jf login
Describe the bug
Having authenticated the cli using jf login, then invoked jf atc, future invocations of jf atc or jf rt ping fail with:
09:42:30 [🚨Error] Refresh access token failed: server response: 404 Not Found
{
"errors": [
{
"code": "NOT_FOUND",
"message": "Token matching the provided refresh token was not found."
}
]
}
Current behavior
Initial State
- jfrog cli has no config:
cat ~/.jfrog/jfrog-cli.conf.v6 { "servers": [], "version": "6" } - Logged in to JFrog web UI with username and password.
- No tokens visible at
https://<JFrog Platform URL>/ui/admin/configuration/security/access_tokens
Authenticate jfrog cli via Web UI
-
jf login, providing JFrog Platform URL when prompted, accepting default values, and successfully completing code prompt entry. - jfrog cli has config:
cat ~/.jfrog/jfrog-cli.conf.v6 { "servers": [ { "url": "https://<JFrog Platform URL>/", "artifactoryUrl": "https://<JFrog Platform URL>/artifactory/", "distributionUrl": "https://<JFrog Platform URL>/distribution/", "xrayUrl": "https://<JFrog Platform URL>/xray/", "missionControlUrl": "https://<JFrog Platform URL>/mc/", "pipelinesUrl": "https://<JFrog Platform URL>/pipelines/", "user": <redacted>, "accessToken": <redacted>, "refreshToken": <redacted>, "serverId": <redacted>, "isDefault": true, "webLogin": true } ], "version": "6" } - One token visible at
https://<JFrog Platform URL>/ui/admin/configuration/security/access_tokens:- token id: "b2c050ab-b04b-4f1f-a3fe-e8789716f7b5"
Create access token for use in scripting with jfrog cli
JFROG_CLI_LOG_LEVEL=DEBUG jf atc
09:19:15 [Debug] JFrog CLI version: 2.52.10
09:19:15 [Debug] OS/Arch: darwin/arm64
09:19:15 [Debug] Usage Report: Sending info...
09:19:15 [Debug] Refreshing token...
09:19:15 [Debug] Creating lock in: <redacted>
09:19:30 [Debug] Sending HTTP POST request to: https://<JFrog Platform URL>/access/api/v1/tokens
09:19:30 [Debug] Releasing lock: <redacted>
09:19:30 [Debug] Sending HTTP POST request to: https://<JFrog Platform URL>/access/api/v1/tokens
09:19:30 [Debug] Refreshing token...
09:19:30 [Debug] Creating lock in: <redacted>
09:19:30 [Debug] Fetched new token from config.
09:19:30 [Debug] Releasing lock: <redacted>
09:19:30 [Debug] Sending HTTP GET request to: https://<JFrog Platform URL>/artifactory/api/system/version
09:19:31 [Debug] Artifactory response: 200
09:19:31 [Debug] JFrog Artifactory version is: 7.81.2
09:19:31 [Debug] Refreshing token...
09:19:31 [Debug] Creating lock in: <redacted>
09:19:46 [Debug] Sending HTTP POST request to: https://<JFrog Platform URL>/access/api/v1/tokens
09:19:46 [Debug] Releasing lock: <redacted>
09:19:46 [Debug] Couldnt send usage info. Error: Refresh access token failed: server response: 404 Not Found
{
"errors": [
{
"code": "NOT_FOUND",
"message": "Token matching the provided refresh token was not found."
}
]
}
{
"scope": "applied-permissions/user",
"access_token": <redacted>,
"expires_in": 28800,
"token_type": "Bearer",
"token_id": "8715eabd-680b-4d4f-b626-eb31aeef1601"
}
-
A new token is created, but the
404 not foundjson also going to stdout renders this operation useless for scripting. -
jfrog cli has config:
cat ~/.jfrog/jfrog-cli.conf.v6 { "servers": [ { "url": "https://<JFrog Platform URL>/", "artifactoryUrl": "https://<JFrog Platform URL>/artifactory/", "distributionUrl": "https://<JFrog Platform URL>/distribution/", "xrayUrl": "https://<JFrog Platform URL>/xray/", "missionControlUrl": "https://<JFrog Platform URL>/mc/", "pipelinesUrl": "https://<JFrog Platform URL>/pipelines/", "user": <redacted>, "accessToken": <redacted>, "refreshToken": <redacted>, "artifactoryRefreshToken": <redacted>, "serverId": <redacted>, "isDefault": true, "webLogin": true } ], "version": "6" }- the value of
refreshTokenis unchanged from the value after initialjf login - there is a new
artifactoryRefreshToken
- the value of
-
Two tokens visible at
https://<JFrog Platform URL>/ui/admin/configuration/security/access_tokens:- token id: "6dfeeffd-9ead-4436-83c2-fe64cc636add"
- this appears to have replaced the token id "b2c050ab-b04b-4f1f-a3fe-e8789716f7b5" created by the initial
jf login
- this appears to have replaced the token id "b2c050ab-b04b-4f1f-a3fe-e8789716f7b5" created by the initial
- token id: "8715eabd-680b-4d4f-b626-eb31aeef1601"
- this correponds to the token output from
jf atcabove
- this correponds to the token output from
- token id: "6dfeeffd-9ead-4436-83c2-fe64cc636add"
Attempt to create another access token for use in scripting with jfrog cli
JFROG_CLI_LOG_LEVEL=DEBUG jf atc
09:36:06 [Debug] JFrog CLI version: 2.52.10
09:36:06 [Debug] OS/Arch: darwin/arm64
09:36:06 [Debug] Usage Report: Sending info...
09:36:06 [Debug] Refreshing token...
09:36:06 [Debug] Creating lock in: <redacted>
09:36:21 [Debug] Sending HTTP POST request to: https://<JFrog Platform URL>/access/api/v1/tokens
09:36:21 [Debug] Releasing lock: <redacted>
09:36:21 [Debug] Refreshing token...
09:36:21 [Debug] Creating lock in: <redacted>
09:36:36 [Debug] Sending HTTP POST request to: https://<JFrog Platform URL>/access/api/v1/tokens
09:36:36 [Debug] Releasing lock: <redacted>
09:36:36 [Debug] Couldnt get Artifactory version. Error: Refresh access token failed: server response: 404 Not Found
{
"errors": [
{
"code": "NOT_FOUND",
"message": "Token matching the provided refresh token was not found."
}
]
}
09:36:36 [🚨Error] Refresh access token failed: server response: 404 Not Found
{
"errors": [
{
"code": "NOT_FOUND",
"message": "Token matching the provided refresh token was not found."
}
]
}
- jfrog cli has config:
cat ~/.jfrog/jfrog-cli.conf.v6
{
"servers": [
{
"url": "https://<JFrog Platform URL>/",
"artifactoryUrl": "https://<JFrog Platform URL>/artifactory/",
"distributionUrl": "https://<JFrog Platform URL>/distribution/",
"xrayUrl": "https://<JFrog Platform URL>/xray/",
"missionControlUrl": "https://<JFrog Platform URL>/mc/",
"pipelinesUrl": "https://<JFrog Platform URL>/pipelines/",
"user": <redacted>,
"accessToken": <redacted>,
"refreshToken": <redacted>,
"artifactoryRefreshToken": <redacted>,
"serverId": <redacted>,
"isDefault": true,
"webLogin": true
}
],
"version": "6"
}
-
the value of
refreshTokenis unchanged from the value after initialjf login -
there value of
artifactoryRefreshTokenis unchanged from its value after appearing subsequent to the firstjf atc -
The two tokens visible at
https://<JFrog Platform URL>/ui/admin/configuration/security/access_tokensare unchanged from their values after the firstjf atc:- token id: "6dfeeffd-9ead-4436-83c2-fe64cc636add"
- token id: "8715eabd-680b-4d4f-b626-eb31aeef1601"
-
Other cli commands are now broken:
jf rt ping 09:42:30 [🚨Error] Refresh access token failed: server response: 404 Not Found { "errors": [ { "code": "NOT_FOUND", "message": "Token matching the provided refresh token was not found." } ] }
Reproduction steps
See above.
Expected behavior
Having authenticated the cli using jf login, can repeatedly invoke jf atc as needed, receiving no errors and a valid token that can be used, e.g:
curl -H "Authorization: Bearer $(jf atc --expiry 60 | jq --raw-output '. | .access_token')" https://<JFrog Platform URL>/access/api/v1/tokens
JFrog CLI version
jf version 2.52.10
Operating system type and version
darwin/arm64 14.4 (23E214)
JFrog Artifactory version
SaaS
JFrog Xray version
SaaS
Hi @StephenWithPH , Thank you for reporting this issue. I created https://github.com/jfrog/jfrog-cli-core/pull/1177 to fix the issue with refreshing the tokens.
As for the error going to stdout, I verified that errors thrown from the usage report are always reported to the debug log that defaults to stderr. Can you make sure that you don't have logs printed to stdout?
Thanks
As for the error going to stdout, I verified that errors thrown from the usage report are always reported to the debug log that defaults to stderr. Can you make sure that you don't have logs printed to stdout?
I likely failed to unset some redirection while I was debugging / repro'ing to open the issue. I apologize.