Uploaded image for project: 'Migration Toolkit for Applications'
  1. Migration Toolkit for Applications
  2. MTA-41

[UI] Failed to refresh token if Keycloak feature "Use Refresh Tokens" is off

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Normal Normal
    • None
    • upstream
    • UI
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • DEV - Ack
    • None

      Description of problem

      The user can disable the Refresh Tokens feature in Keycloak for the tackle-ui client, and once it is off the UI fails on "Failed to refresh token" (screenshots are attached)

      How reproducible

      100%

      Steps to reproduce

      1. Login to the Keycloak administration web console
      2. Navigate to Clients -> tackle-ui
      3. On the Settings tab, expand "OpenID Connect Compatibility Modes" -> turn off "Use Refresh Tokens" option and Save

      Actual results

      Tackle UI is broken once the "Use Refresh Tokens" is off

      Expected results

      Since it is a feature provided by Keycloak and the user can turn it off/on - it should not break the Tackle UI

      Additional info

        1. refresh_tokens_off.png
          refresh_tokens_off.png
          35 kB
        2. ui_error.png
          ui_error.png
          179 kB
        3. mta_6.1.0_GA.png
          mta_6.1.0_GA.png
          164 kB

            [MTA-41] [UI] Failed to refresh token if Keycloak feature "Use Refresh Tokens" is off

            Maayan Hadasi added a comment - - edited

            Hi rhn-engineering-gdubreui, rhn-engineering-dymurray
            Since the solution does not work, I opened MTA-1255 to keep tracking the issue

            Maayan Hadasi added a comment - - edited Hi rhn-engineering-gdubreui , rhn-engineering-dymurray Since the solution does not work, I opened MTA-1255 to keep tracking the issue

            Maayan Hadasi added a comment - - edited

            rhn-engineering-gdubreui using MTA 6.1.0 GA, once "Use Refresh Tokens" is off the MTA UI becomes unusable after ~5 minutes. Page reloading helps.
            Please see attached mta_6.1.0_GA.png

            Maayan Hadasi added a comment - - edited rhn-engineering-gdubreui using MTA 6.1.0 GA, once "Use Refresh Tokens" is off the MTA UI becomes unusable after ~5 minutes. Page reloading helps. Please see attached mta_6.1.0_GA.png

            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (Important: Migration Toolkit for Applications security and bug fix update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2023:2041

            Errata Tool added a comment - Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (Important: Migration Toolkit for Applications security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2041

            Igor Braginsky added a comment -

            Verified on MTA 6.1.0-13, works fine

            Igor Braginsky added a comment - Verified on MTA 6.1.0-13, works fine

            GitLab CEE Bot added a comment -

            CPaaS Service Account mentioned this issue in a merge request of rhmt / MTA Midstream on branch mta-6.1-rhel-8_upstream_e2b394dfe99b9cab1a9152c9c7d379ae:

            Updated 2 upstream sources

            GitLab CEE Bot added a comment - CPaaS Service Account mentioned this issue in a merge request of rhmt / MTA Midstream on branch mta-6.1-rhel-8_ upstream _e2b394dfe99b9cab1a9152c9c7d379ae : Updated 2 upstream sources

            GitLab CEE Bot added a comment -

            CPaaS Service Account mentioned this issue in a merge request of rhmt / MTA Midstream on branch mta-6.1-rhel-8_upstream_731a1bcd9dc3bfa1be9b2be65c5a5a5b:

            Updated 2 upstream sources

            GitLab CEE Bot added a comment - CPaaS Service Account mentioned this issue in a merge request of rhmt / MTA Midstream on branch mta-6.1-rhel-8_ upstream _731a1bcd9dc3bfa1be9b2be65c5a5a5b : Updated 2 upstream sources

            Maayan Hadasi added a comment -

            Thanks rhn-engineering-gdubreui for taking care of it
            I updated the ticket with the info.

            Maayan Hadasi added a comment - Thanks rhn-engineering-gdubreui for taking care of it I updated the ticket with the info.

            Gilles Dubreuil added a comment - - edited

            Authenticated as keycloak admin (/auth) in "Clients >  tackle-ui -> OpenID Connect Compatibility Modes", turn of "Use Refresh Tokens" option.

            https://github.com/konveyor/tackle2-ui/pull/771

            Gilles Dubreuil added a comment - - edited Authenticated as keycloak admin (/auth) in "Clients >  tackle-ui -> OpenID Connect Compatibility Modes", turn of "Use Refresh Tokens" option. https://github.com/konveyor/tackle2-ui/pull/771

            Gilles Dubreuil added a comment - - edited

            mguetta1 , just to let you know the screenshots are not attached.

            Could you also describe how a user can disable the refresh token feature ?

            Gilles Dubreuil added a comment - - edited mguetta1 , just to let you know the screenshots are not attached. Could you also describe how a user can disable the refresh token feature ?

              rhn-engineering-gdubreui Gilles Dubreuil
              mguetta1 Maayan Hadasi
              Maayan Hadasi Maayan Hadasi
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: