Unable to display ledgerId

Hi there, after upgrading to 1.18.0 the authentication token stopped working. When trying to call showLedgerId, I got the following error on the Daml_Ledger_API side.

2022-02-04T06:08:00,892,+0000|WARN ||c.d.l.a.a.AuthServiceJWT$|ForkJoinPool-5-worker-6|||||Authorization error: Could not verify JWT token: com.auth0.jwk.SigningKeyNotFoundException: Cannot obtain jwks from url *****jwks url*****||
2022-02-04T06:08:00,894,+0000|WARN ||c.d.l.a.a.Authorizer|program-resource-pool-14|||||UNAUTHENTICATED(6,0): The command is missing a JWT token|{participantId: "p28b71c03_f3f5_45e0_b059_ba8b73b75bf2", err-context: "{location=ErrorFactories.scala:436}"}|

And the error messages from the caller are:

16:19:54.442 [main] ERROR a.c.a.t.util.ConnectionManager - [RESULT] Status{code=UNAUTHENTICATED, description=An error occurred. Please contact the operator and inquire about the request <no-correlation-id>, cause=null}
16:19:54.442 [main] ERROR a.c.a.t.util.ConnectionManager - [ERROR DESCRIPTION] java.util.concurrent.ExecutionException: io.grpc.StatusRuntimeException: UNAUTHENTICATED: An error occurred. Please contact the operator and inquire about the request <no-correlation-id>

Environment:
VMware release 1.5
Daml SDK 1.18.0

Is your JWKS server reachable from the machine your participant is running on?

We found the issue. The JWKS server TLS certificate was not valid and was causing the HTTPS call to fail.

Just curious whether it is possible to add more error logging to the Ledger API layer? I’d assume that the Ledger API layer caught the exceptions as well but somehow did not log them.

The error returned by the auth0 library class com.auth0.jwk.UrlJwkProvider is actually visible in the log snippet provided. It is returned when it is asked to resolve a key on a dead JWKS endpoint:

com.auth0.jwk.SigningKeyNotFoundException: Cannot obtain jwks from url *****jwks url*****

I doubt anything of interest happens outside of that call, so the only thing that could shed more light on this occurrence is to elevate the log-level of the com.auth0.jwk.UrlJwkProvider itself. This could be rather chatty though, and I would be reluctant to do that.
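Added example, not part of the thread and not Daml or auth0 code: a small probe to run on the participant host that fetches the JWKS URL with certificate verification on and reports which layer failed (DNS, connection, TLS certificate, HTTP status, or response body), which is the detail the "Cannot obtain jwks from url" message leaves out. The function names and status labels are made up for this example, and the URL is whatever the participant is configured with.

```python
import json
import socket
import ssl
import sys
import urllib.error
import urllib.request

def classify(exc):
    """Map a fetch failure to the layer that broke, unwrapping URLError."""
    if isinstance(exc, urllib.error.HTTPError):
        return f"http-status-{exc.code}"
    if isinstance(exc, urllib.error.URLError) and isinstance(exc.reason, BaseException):
        exc = exc.reason  # urllib wraps the socket/TLS error; look at the cause
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-certificate-invalid"  # expired, wrong host, untrusted issuer
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake-failed"
    if isinstance(exc, socket.gaierror):
        return "dns-resolution-failed"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionError):
        return "connection-failed"
    if isinstance(exc, ValueError):
        return "body-not-jwks"  # not JSON, or JSON without a usable "keys" array
    return "other"

def parse_jwks(body):
    """Return the key ids in a JWKS document, or raise ValueError."""
    doc = json.loads(body)
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        raise ValueError("no 'keys' array in response")
    return [k.get("kid") for k in keys if isinstance(k, dict)]

def probe(url, timeout=5.0):
    """Fetch url with default certificate verification; return (status, detail)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            kids = parse_jwks(resp.read())
        return "ok", f"{len(kids)} key(s): {kids}"
    except Exception as exc:  # report the real cause instead of hiding it
        return classify(exc), repr(exc)

if __name__ == "__main__":
    # Assumption: argv[1] is the JWKS URL from the participant's configuration.
    status, detail = probe(sys.argv[1])
    print(status, detail)
    sys.exit(0 if status == "ok" else 1)
```

Python validates against the system trust store while the participant's JVM uses its own truststore, so an "ok" here alongside a failing participant points at the JVM truststore rather than the endpoint.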