Project

General

Profile

Actions

Bug #18808

closed

OIDC token check can fail due to concurrent requests

Added by Tom Clegg almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
02/28/2022
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Description

If two or more concurrent requests present the same OIDC token, and that token has not already been cached as an Arvados token in the database, multiple threads may try to insert a new token, in which case all but one will fail due to the unique constraint on the api_token column.

user supplied log excerpt:

"respBody":"{\"errors\":[\"error adding OIDC access token to database: pq: duplicate key value violates unique constraint \\\"index_api_client_authorizations_on_api_token\\\"\"]}\n" 

In this situation the losing thread should detect the race and use the token that was added by the winning thread, instead of erroring out.


Subtasks 1 (0 open1 closed)

Task #18809: Review 18808-new-token-raceResolvedTom Clegg02/28/2022

Actions
Actions

Also available in: Atom PDF