PHP:
<?php
if (!empty($_SESSION['user'])) {
header("Location: /account/earn/links");
}
$time = time();
$data = array();
$config = new config();
$ip = func::clear($_SERVER['REMOTE_ADDR']);
$meta =func::clear($_SERVER['HTTP_USER_AGENT']);
$vk_url = 'http://oauth.vk.com/authorize';
$vk_params = array(
'client_id' => $config->vk_client_id,
'redirect_uri' => $config->vk_redirect_uri,
'scope' => 'email,photos',
'response_type' => 'code'
);
$data['vk_auth'] = $vk_url . "?" . urldecode(http_build_query($vk_params));
if (isset($_GET['code'])) {
$result = false;
$vk_params = array(
'client_id' => $config->vk_client_id,
'client_secret' => $config->vk_client_secret,
'code' => $_GET['code'],
'redirect_uri' => $config->vk_redirect_uri
);
//ВОТ ДО СЮДА ДОХОДИТ, А ДАЛЬШЕ НЕ ИДЁТ***
$token = json_decode(file_get_contents('https://oauth.vk.com/access_token' . '?' . urldecode(https_build_query($vk_params))), true);
if (isset($token['access_token'])) {
$vk_params = array(
'user_ids' => $token['user_id'],
'fields' => 'user_id,first_name,last_name,photo_100',
'access_token' => $token['access_token']
);
$userInfo = json_decode(file_get_contents('https://api.vk.com/method/users.get?&v=5.0' . '?' . urldecode(http_build_query($vk_params))), true);
if (isset($userInfo['response'][0]['id'])) {
$userInfo = $userInfo['response'][0];
$result = true;
}
}
if ($result) {
$uid = $userInfo['id'];
$email = $token["email"];
$first_name = $userInfo['first_name'];
$last_name = $userInfo['last_name'];
$screen_name = $first_name . ' ' . $last_name;
$photo_100 = $userInfo['photo_100'];
$ref_1 = 0;
$db->Query("SELECT * FROM users WHERE uid = '{$uid}'");
$user_data = $db->FetchArray();
if($user_data['ban'] == '2'){
die(header('location: /ban'));
}
$db->Query("SELECT * FROM lider WHERE id = '1'");
$lider_data = $db->FetchArray();
$lider = $lider_data['user_id'];
$ref_1 = $lider;
$ref_2 = 0;
$ref_3 = 0;
if (isset($_COOKIE['referer']) && !empty($_COOKIE['referer'])) {
$ref = func::clear($_COOKIE['referer'], 'int');
$db->Query("SELECT * FROM users WHERE id = '{$ref}'");
if ($db->NumRows() > 0) {
$db->Query("SELECT * FROM users_ref WHERE user_id = '{$ref}'");
$ref_dat = $db->FetchArray();
$ref_1 = $ref;
$db->Query("UPDATE users SET refs = refs + 1 WHERE id = '{$ref_1}'");
}
}
$db->Query("SELECT id, uid FROM users WHERE uid = {$uid}");
if ($db->NumRows() > 0) {
$user = $db->FetchArray();
$id = $user['id'];
$_SESSION['user'] = $id;
$db->Query("INSERT INTO auth (user_id,ip,time,meta) VALUES ('{$id}','{$ip}','{$time}','{$meta}')");
$db->Query("UPDATE users SET email = '{$email}', screen_name = '{$screen_name}', photo_100 = '{$photo_100}', ip = '{$ip}' WHERE id = '{$id}'");
header('location: /account/earn/links');
} else {
if (isset($_COOKIE['httpref'])) {
$httpref = func::clear($_COOKIE['httpref']);
} else $httpref = '0';
$db->Query("INSERT INTO users (uid,email,screen_name,photo_100,ip,date_reg)
VALUES ('{$uid}','{$email}','{$screen_name}','{$photo_100}','{$ip}','{$time}')");
$id = $db->LastInsert();
$db->Query("INSERT INTO users_conf (user_id,httpref) VALUES ('{$id}','{$httpref}')");
$db->Query("INSERT INTO users_ref (user_id,ref_1,to_ref_1)
VALUES ('{$id}','{$ref_1}','0')");
$_SESSION['user'] = $id;
$db->Query("INSERT INTO auth (user_id,ip,time,meta) VALUES ('{$id}','{$ip}','{$time}','{$meta}')");
header('location: /account/earn/links');
}
}
}
$ok_url = 'http://www.odnoklassniki.ru/oauth/authorize';
$ok_params = array(
'client_id' => $config->ok_client_id,
'response_type' => 'code',
'redirect_uri' => $config->ok_redirect_uri
);
$data['ok_auth'] = $ok_url . '?' . urldecode(http_build_query($ok_params));
$fb_url = 'https://www.facebook.com/v2.11/dialog/oauth';
$fb_params = array(
'client_id' => $config->fb_client_id,
'redirect_uri' => $config->fb_redirect_uri,
'response_type' => 'code',
'scope' => 'email'
);
$data['fb_auth'] = $fb_url.'?'.urldecode(http_build_query($fb_params));
new gen('login', $data);При получении access_token истекает время действия кода, при чем когда делаешь запрос через ajax. Если просто перейти по урлу, то я вижу этот токен. В чем проблема, учитывая то, что этот код, как написано в доках живет час?
- oauth
- ajax
- javascript
- вконтакте
Sleeping Owl
1411 золотой знак2 серебряных знака9 бронзовых знаков
задан 26 апр 2013 в 3:25
ИвоИво
211 серебряный знак3 бронзовых знака
1
-
Вы для чего получаете
access_token?17 окт 2015 в 22:12
1 ответ
Deleted
3711 золотой знак5 серебряных знаков13 бронзовых знаков
ответ дан 26 апр 2013 в 5:41
QuissQuiss
9641 золотой знак14 серебряных знаков27 бронзовых знаков
1
-
Не знаю, что и сказать, потому что с одной стороны это решение для сервер-сайд. А с другой стороны для меня работает такой вариант: oauth.vk.com/… Т.е. я миную получение code
26 апр 2013 в 6:21
PHP:
<?php
if (!empty($_SESSION['user'])) {
header("Location: /account/earn/links");
}
$time = time();
$data = array();
$config = new config();
$ip = func::clear($_SERVER['REMOTE_ADDR']);
$meta =func::clear($_SERVER['HTTP_USER_AGENT']);
$vk_url = 'http://oauth.vk.com/authorize';
$vk_params = array(
'client_id' => $config->vk_client_id,
'redirect_uri' => $config->vk_redirect_uri,
'scope' => 'email,photos',
'response_type' => 'code'
);
$data['vk_auth'] = $vk_url . "?" . urldecode(http_build_query($vk_params));
if (isset($_GET['code'])) {
$result = false;
$vk_params = array(
'client_id' => $config->vk_client_id,
'client_secret' => $config->vk_client_secret,
'code' => $_GET['code'],
'redirect_uri' => $config->vk_redirect_uri
);
//ВОТ ДО СЮДА ДОХОДИТ, А ДАЛЬШЕ НЕ ИДЁТ***
$token = json_decode(file_get_contents('https://oauth.vk.com/access_token' . '?' . urldecode(https_build_query($vk_params))), true);
if (isset($token['access_token'])) {
$vk_params = array(
'user_ids' => $token['user_id'],
'fields' => 'user_id,first_name,last_name,photo_100',
'access_token' => $token['access_token']
);
$userInfo = json_decode(file_get_contents('https://api.vk.com/method/users.get?&v=5.0' . '?' . urldecode(http_build_query($vk_params))), true);
if (isset($userInfo['response'][0]['id'])) {
$userInfo = $userInfo['response'][0];
$result = true;
}
}
if ($result) {
$uid = $userInfo['id'];
$email = $token["email"];
$first_name = $userInfo['first_name'];
$last_name = $userInfo['last_name'];
$screen_name = $first_name . ' ' . $last_name;
$photo_100 = $userInfo['photo_100'];
$ref_1 = 0;
$db->Query("SELECT * FROM users WHERE uid = '{$uid}'");
$user_data = $db->FetchArray();
if($user_data['ban'] == '2'){
die(header('location: /ban'));
}
$db->Query("SELECT * FROM lider WHERE id = '1'");
$lider_data = $db->FetchArray();
$lider = $lider_data['user_id'];
$ref_1 = $lider;
$ref_2 = 0;
$ref_3 = 0;
if (isset($_COOKIE['referer']) && !empty($_COOKIE['referer'])) {
$ref = func::clear($_COOKIE['referer'], 'int');
$db->Query("SELECT * FROM users WHERE id = '{$ref}'");
if ($db->NumRows() > 0) {
$db->Query("SELECT * FROM users_ref WHERE user_id = '{$ref}'");
$ref_dat = $db->FetchArray();
$ref_1 = $ref;
$db->Query("UPDATE users SET refs = refs + 1 WHERE id = '{$ref_1}'");
}
}
$db->Query("SELECT id, uid FROM users WHERE uid = {$uid}");
if ($db->NumRows() > 0) {
$user = $db->FetchArray();
$id = $user['id'];
$_SESSION['user'] = $id;
$db->Query("INSERT INTO auth (user_id,ip,time,meta) VALUES ('{$id}','{$ip}','{$time}','{$meta}')");
$db->Query("UPDATE users SET email = '{$email}', screen_name = '{$screen_name}', photo_100 = '{$photo_100}', ip = '{$ip}' WHERE id = '{$id}'");
header('location: /account/earn/links');
} else {
if (isset($_COOKIE['httpref'])) {
$httpref = func::clear($_COOKIE['httpref']);
} else $httpref = '0';
$db->Query("INSERT INTO users (uid,email,screen_name,photo_100,ip,date_reg)
VALUES ('{$uid}','{$email}','{$screen_name}','{$photo_100}','{$ip}','{$time}')");
$id = $db->LastInsert();
$db->Query("INSERT INTO users_conf (user_id,httpref) VALUES ('{$id}','{$httpref}')");
$db->Query("INSERT INTO users_ref (user_id,ref_1,to_ref_1)
VALUES ('{$id}','{$ref_1}','0')");
$_SESSION['user'] = $id;
$db->Query("INSERT INTO auth (user_id,ip,time,meta) VALUES ('{$id}','{$ip}','{$time}','{$meta}')");
header('location: /account/earn/links');
}
}
}
$ok_url = 'http://www.odnoklassniki.ru/oauth/authorize';
$ok_params = array(
'client_id' => $config->ok_client_id,
'response_type' => 'code',
'redirect_uri' => $config->ok_redirect_uri
);
$data['ok_auth'] = $ok_url . '?' . urldecode(http_build_query($ok_params));
$fb_url = 'https://www.facebook.com/v2.11/dialog/oauth';
$fb_params = array(
'client_id' => $config->fb_client_id,
'redirect_uri' => $config->fb_redirect_uri,
'response_type' => 'code',
'scope' => 'email'
);
$data['fb_auth'] = $fb_url.'?'.urldecode(http_build_query($fb_params));
new gen('login', $data);Here we list the most common errors encountered in Rabobank OAuth 2.0 flow on the client side. These use cases list reason for errors and how to troubleshoot them.
During the Authorization call to get the consent of the user, the TPP may encounter the following:
Invalid client id supplied
You receive an HTTP response of 401 Unauthorized with the message invalid client id or secret while invoking an Authorization flow.
This could be caused by one of the following:
- Invalid client id is supplied in the request.
- Your TPP application is not subscribed to an API using OAuth 2.0.
To solve this issue, your application should be subscribed to an API using OAuth 2.0 and provide a valid client ID.
Redirect URI mismatch
When registering an application, you should provide a redirect URI on the Rabobank developer portal.
If you have more than one redirect URLs listed in the developer portal, make sure to provide one of the redirect URI (as provided during registration) in the redirect_uri query parameter during an Authorization call. If the redirect URI from your request does not match with the one registered on the Rabobank developer portal, you get the following error:
Requesting access token
To access the requested resources, you should exchange the received authorization code for an access token. During the retrieval of the access token, you may encounter the following:
Invalid authorization code (grant type code flow)
The authorization code should be sent to the token endpoint to get the access token. Sending an invalid authorization code (expired, invalid, or already used) results in the below error:
Http status:400(Bad request){"error":"invalid_grant"}
To avoid this error, you should pass the correct authorization code before it expires (expiry: 5 minutes). Make sure to not call the token endpoint multiple times using the same authorization code.
Adding a slight delay of 1000ms before calling this endpoint ensures that the authorization code is in sync across our servers.
Invalid refresh token
Sending invalid Refresh token to get access token results in the below error:
Http status:401(Unauthorized){"error":"invalid_grant"}
The Refresh token is valid for 30 days and can be only used once. To avoid this error, you should pass a valid Refresh token and not use the same token multiple times.
Invalid authorization header
While making a call to the token endpoint, an Authorization header should be provided consisting of a client id and client secret. If an invalid combination is passed, it results in the below error:
Http status:401(Unauthorized){"error":"invalid_client"}
To avoid this error, you should use the correct client id and client secret and make sure that the Authorization header is prepared as specified in the OAuth documentation.
Grant type missing
While making a call to the token endpoint, the grant_type query parameter should be provided. The value of this query parameter is based on the type of authorization you are passing to the endpoint.
For example, if you are swapping an authorization code for an access token the value of the parameter should be the authorization_code.
An example of the error message returned is as below:
Http status:400(Bad request){"error":"invalid_request"}
To avoid this error, make sure to provide all the required parameters, including grant_type.
Requesting resources with an access token
Access token invalid
The Access token issued by the authorization server is valid for 60 minutes for PSD2 and 24 hrs for Premium after receiving. Passing an expired or invalid Access token while accessing the resource results in the following error.
{"httpCode":"401","httpMessage":"Unauthorized","moreInformation":"This server could not verify that you are authorized to access the URL"}
To avoid this error, you should always check the expiry time associated with the access token. If the token is expired, use a Refresh token to receive a new Access token.
If you are unable to get a new access token using the refresh token, it could be because the user consent is either expired or revoked. You can validate the consent using the Consent Details Service API.
If this is the case, you should renew the consent before proceeding.
How to check if the user consent is expired (or) revoked?
Using the information you received during the authorization flow, you can retrieve the consent by a specific Id as explained in the API Consent Details Service documentation.
If the consent status is one of the following, the consent is not valid and cannot be used to access the resources:
- expired
- revokedByPsu
- terminatedByTpp
- received
- rejected
Using an invalid consent results in the following error:
{"httpCode":"403","httpMessage":"Forbidden","moreInformation":"CONSENT_INVALID"}
To access the resource gain, you should follow the authorization flow again and ask the user permission(s) to the required resources.
Deactivated or Expired consent
The consent of the user may be expired or revoked by the user, while your access/refresh tokens are still active, this results in a 403 Forbidden CONSENT_INVALID error message.
You may also check the status of the consent by making a call to Consent Details Service API and re-initiate the consent flow if required.
Not having the required permission to access an API
{"httpCode":"403","httpMessage":"Forbidden","moreInformation":"FORBIDDEN"}
A 403 Forbidden FORBIDDEN error can be triggered if the Access token included in the request does not contain the correct scope for the API being used.
Example: You have an access token for the scope paymentRequest, but you are trying to access the Account information API, this API requires a different scope: ‘ais.balances.read’.
To avoid this error, follow the authorization flow with the correct scope required for your API.
При получении access_token истекает время действия кода, при чем когда делаешь запрос через ajax. Если просто перейти по урлу, то я вижу этот токен. В чем проблема, учитывая то, что этот код, как написано в доках живет час?
Sleeping Owl
1411 золотой знак2 серебряных знака9 бронзовых знаков
задан 26 апр 2013 в 3:25
1
Аутентификация через ВКонтакте почитайте, есть вероятность что что-то написано не правильно у вас в коде =)
Deleted
3611 золотой знак5 серебряных знаков13 бронзовых знаков
ответ дан 26 апр 2013 в 5:41
QuissQuiss
9641 золотой знак14 серебряных знаков27 бронзовых знаков
1
При самой первой авторизации на сайте получаю такую ошибку, но при этом авторизация выполняется у пользователя:
TokenError: Code is invalid or expired. at Strategy.OAuth2Strategy.parseErrorResponse (/srv/13case/node_modules/passport-oauth2/lib/strategy.js:320:12) at Strategy.parseErrorResponse (/srv/13case/node_modules/passport-vkontakte/lib/passport-vkontakte/strategy.js:176:54) at Strategy.OAuth2Strategy._createOAuthError (/srv/13case/node_modules/passport-oauth2/lib/strategy.js:367:16) at /srv/13case/node_modules/passport-oauth2/lib/strategy.js:166:45 at /srv/13case/node_modules/oauth/lib/oauth2.js:191:18 at passBackControl (/srv/13case/node_modules/oauth/lib/oauth2.js:132:9) at IncomingMessage.<anonymous> (/srv/13case/node_modules/oauth/lib/oauth2.js:157:7) at emitNone (events.js:91:20) at IncomingMessage.emit (events.js:185:7) at endReadableNT (_stream_readable.js:974:12)
Код обработчика:
passport.use(new VkStrategy( { clientID: config.get('vkID'), clientSecret: config.get('vkSecret'), callbackURL: config.get('vkCb') + '/auth/vk/callback' }, function verify(accessToken, refreshToken, params, profile, done) { process.nextTick(function () { return done(null, { userid: profile.id, username: profile.displayName, photoUrl: profile.photos[0].value, profileUrl: profile.profileUrl }); }); } ));
Код роутерингов:
app.get('/auth/vk', passport.authenticate('vkontakte'), function(req, res){}); app.get('/auth/vk/undefined', passport.authenticate('vkontakte'), function(req, res){}); app.get('/auth/vk/callback', passport.authenticate('vkontakte', { failureRedirect: '/' }), function(req, res) { res.redirect(req.headers.referer); });
В чем проблема?
Ошибка при входе через соцсети
Не принято
2
Ошибка при входе через все соцсети. После ввода логина и пароля белый экран. Обновление страницы не помогает. При возврате на предыдущую страницу и обновлении её оказывается вход выполнен.
Тоже самое через ВКонтакте и перестала работать регистрация через ВКонтакте.
Ошибки в логе auth.log:
2017-02-11 21:24:01 5.18.222.104
vkontakte:401: invalid_grant (Code is invalid or expired.)
Ошибка в логе errore.log:
Uncaught exception waException:
invalid_grant (Code is invalid or expired.) (401)
## /home/c/мой_домен/webasyst/public_html/wa-system/auth/adapters/vkontakteAuth.class.php(41)
#0 /home/c/мой_домен/webasyst/public_html/wa-system/auth/waOAuth2Adapter.class.php(40): vkontakteAuth->getAccessToken('9bbf55b9d3caf80...')
#1 /home/c/мой_домен/webasyst/public_html/wa-system/controller/waOAuthController.class.php(43): waOAuth2Adapter->auth()
#2 /home/c/мой_домен/webasyst/public_html/wa-system/controller/waController.class.php(21): waOAuthController->execute()
#3 /home/c/мой_домен/webasyst/public_html/wa-system/controller/waViewController.class.php(46): waController->run(NULL)
#4 /home/c/мой_домен/webasyst/public_html/wa-system/controller/waFrontController.class.php(226): waViewController->run(NULL)
#5 /home/c/мой_домен/webasyst/public_html/wa-system/controller/waFrontController.class.php(161): waFrontController->runController(Object(webasystOAuthController), NULL)
#6 /home/c/мой_домен/webasyst/public_html/wa-system/waSystem.class.php(591): waFrontController->execute(NULL, 'OAuth')
#7 /home/c/мой_домен/webasyst/public_html/wa-system/waSystem.class.php(485): waSystem->dispatchFrontend('oauth.php')
#8 /home/c/мой_домен/webasyst/public_html/index.php(7): waSystem->dispatch()
#9 {main}
5 комментариев
- популярные
- новые
-
+1
Антон
11 февраля 2017 23:50
#
Добавлю при попытке входа белый экран, обновляю страницу и выдаёт «Ошибка 401»
-
+1
Антон
13 февраля 2017 13:10
#
В браузере нажимаю на значок (вход вконтакте), появляется поля для ввода логина и пароля, ввожу и нажимаю вход. Получаю просто белый экран. Обновляю страницу и получаю ошибку 401
Потом в браузере возвращаюсь назад на страницу входа, обновляю. Вижу, что вход уже выполнен.
Я так понимаю, что после ввода логина и пароля не возвращает в магазин?
-
+1
Антон
13 февраля 2017 13:16
#
Тот же белый экран в Facebook, Mail.ru, Google+
Регистрация ВК, тоже белый экран.
Может у меня неправильно обновления Webasyst установились?
-
+1
Антон
14 февраля 2017 17:57
#
Вопрос решён. Проблема была в шаблоне оформления. В логах этого не видно. Проверяйте всё на теме Дефолт.
-
Добавить комментарий
перестала принимать токен, при этом CLI его принимает, а попытка его обновить приводит к получению того же самого токена.
russian
software
database
yandex-cloud
14:56 29.03.2022
6
ответов
А у поддержки лапки.
14:57 29.03.2022
дебаг в терраформе ничего интересного не показал?
14:57 29.03.2022
че пишет-то?
14:59 29.03.2022
А как использовать?
14:59 29.03.2022
Nikolay 🤦♂️ Matrosov
че пишет-то?
Error: Error while requesting API to create Yandex Cloud Container: *********************** rpc error: code = Unauthenticated desc = OAuth token is invalid or expired
15:00 29.03.2022
Котяй Негодяй
А как использовать?
https://www.terraform.io/internals/debugging
15:01 29.03.2022
Похожие вопросы
The authorization server responds with HTTP 400 or 401 status codes. Here, two cases take place, if an error occurs during the authorization. In the first case, the client is not identified or recognized. In the second case, something else fails in spite of the client being identified exactly. In such a case, an error response is sent back to the client as follows −
-
error_description − It is an optional human readable error description in a language specified by Content-Language header, which is meant for the developer and not the end user.
-
error_uri − It is an optional link to a human-readable web page along with information about an error that can be helpful for problem solving.
-
error − It is a set of predefined error codes.
Following is the description of error codes and equivalent HTTP status codes.
400 Errors
The following table shows 400 errors with description.
| Sr.No. | Error & Description |
|---|---|
| 1 |
unsupported_over_http OAuth 2.0 only supports the calls over https. |
| 2 |
version_rejected If an unsupported version of OAuth is supplied. |
| 3 |
parameter_absent If a required parameter is missing from the request. |
| 4 |
parameter_rejected When a given parameter is too long. |
| 5 |
invalid_client When an invalid client ID is given. |
| 6 |
invalid_request When an invalid request parameter is given. |
| 7 |
unsupported_response_type When a response type provided does not match that particular request. |
| 8 |
unsupported_grant_type When a grant type is provided that does not match a particular request. |
| 9 |
invalid_param When an invalid request parameter is provided. |
| 10 |
unauthorized_client When the client is not given the permission to perform some action. |
| 11 |
access_denied When the resource owner refuses the request for authorization. |
| 12 |
server_error This error displays an unexpected error. |
401 Errors
The following table shows 401 errors with description.
| Sr.No. | Error & Description |
|---|---|
| 1 |
token_expired When the provided token expires. |
| 2 |
invalid_token When the provided token is invalid. |
| 3 |
invalid_callback When the provided URI with the request does not match the consumer key. |
| 4 |
invalid_client_secret When the provided client server is invalid. |
| 5 |
invalid_grant When the provided token has either expired or is invalid. |
oauth2.0_client_credentials.htm
Приложение в виде сайта.
Делаю авторизацию как по гайду
Стопорюсь на получение токена пишет:
{"error":"invalid_grant","error_description":"Code is invalid or expired."}Моя ссылка:
https://oauth.vk.com/access_token?client_id=мойид&client_secret=мойключ&redirect_uri=мойурл&code=257db363d39654cac7Перерыл весь гугл так и ненашёл ответа. Подскажите в чём проблема.
-
Вопрос задан
-
2588 просмотров
Так решилась моя проблема.
Вообщем ситуация такая, нужно для получения code заходить по http, а не по https.
Пригласить эксперта
Почему не испольуете Auth Widget?
// EDIT
Если проблемы в серверной части:
1) проверьте настройки приложения ВК (callback url итд)
2) проверьте ссылки, которые генерируете
-
Показать ещё
Загружается…
22 сент. 2023, в 14:16
500 руб./за проект
22 сент. 2023, в 13:48
300000 руб./за проект
22 сент. 2023, в 13:33
60000 руб./за проект
Минуточку внимания
So from strace output it doesn’t seem terraformer even attempts to open sa_key.json
env | grep YC
YC_SERVICE_ACCOUNT_KEY_FILE=/home/diver/terraform/sa_key.json
strace terraformer import yandex -r subnet --folder_ids b1gg5ic4o9tlkb64j21k 2>&1 | grep open
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/sys/kernel/mm/transparent_hugepage/hpage_pmd_size", O_RDONLY) = 3
openat(AT_FDCWD, "/usr/local/bin/terraformer", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/localtime", O_RDONLY) = 3
openat(AT_FDCWD, ".terraform/providers/registry.terraform.io", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, ".terraform/plugins/registry.terraform.io", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/home/diver/.terraform.d/providers/registry.terraform.io", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/home/diver/.terraform.d/plugins/registry.terraform.io", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, ".terraform/plugins/linux_amd64", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/home/diver/.terraform.d/plugins/linux_amd64", O_RDONLY|O_CLOEXEC) = 3
sergeyzwezdin opened this issue 3 years ago · comments
Trying to setup YF deployment. Here is how my workflow definition looks:
But when I run it, I’m getting an error:
Thanks for reaching out, will check it today!
@Goodsmileduck I added ENTRYPOINT. The error is gone, but now I have another one:
ERROR: failed to find function with name «test123»: iam token create failed: rpc error: code = Unauthenticated desc = OAuth token is invalid or expired
Does it mean that I need IAM token instead of API token in Yandex Cloud?
If so, I have public and private key — where to place both of them?
Сurrent state of action is kind of workaround to make deployment pipeline, I hope to check api of functions to write more native pipeline action.
Understood. Yes, with user token it works.
Hope it will support service accounts in the future.
Thank you for assistance!
перестала принимать токен, при этом CLI его принимает, а попытка его обновить приводит к получению того же самого токена.
russian
software
database
yandex-cloud
14:56 29.03.2022
8
ответов
А у поддержки лапки.
14:57 29.03.2022
дебаг в терраформе ничего интересного не показал?
14:57 29.03.2022
че пишет-то?
14:59 29.03.2022
Nikolay Matrosov
дебаг в терраформе ничего интересного не показал?
А как использовать?
14:59 29.03.2022
Nikolay Matrosov
че пишет-то?
Error: Error while requesting API to create Yandex Cloud Container: *********************** rpc error: code = Unauthenticated desc = OAuth token is invalid or expired
15:00 29.03.2022
Nikolay Matrosov
че пишет-то?
При этом токен точно живой, и конфигурация не менялась (оно работало).
15:01 29.03.2022
Котяй Негодяй
А как использовать?
https://www.terraform.io/internals/debugging
15:01 29.03.2022
Nikolay Matrosov
https://www.terraform.io/internals/debugging
Лол. Спасибо.
15:07 29.03.2022
I followed this guide to implement Yandex Oauth in my Ruby On Rails app. Few weeks I had no problems with it, but recently (few days ago) I am experiencing problem. I can’t get access token, refresh token and etc. because my request fails with 400 error code.
I am receiving this specific message:
{"error_description": "Code has expired", "error": "invalid_grant"}
From guide:
The lifespan of this code is 10 minutes. When it expires, a code must
be requested again.
But it never waits 10 minutes or even 10 seconds because as soon as my app gets authorization code it immediately makes POST request to change this authorization code for access token, refresh token and expiration. But this POST request fails because that authorization code seems to be expired.
From Yandex error descriptions:
invalid_grant ― Invalid or expired authorization code.
My code:
def yandex
require 'net/http'
require 'json' # => false
@user = User.from_omniauth(request.env["omniauth.auth"])
@client_id = Rails.application.secrets.client_id
@secret = Rails.application.secrets.password
@authorization_code = params[:code]
@user.update_attribute(:code, @authorization_code)
@user.update_attribute(:state, params[:state])
@post_body = "grant_type=authorization_code&code=#{@authorization_code}&client_id=#{@client_id}&client_secret=#{@secret}"
@url = "https://oauth.yandex.ru/token"
url = URI.parse(@url)
req = Net::HTTP::Post.new(url.request_uri)
req['host'] ="oauth.yandex.ru"
req['Content-Length'] = @post_body.length
req['Content-Type'] = 'application/x-www-form-urlencoded'
req.body = @post_body
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = (url.scheme == "https")
@response_mess = http.request(req)
refreshhash = JSON.parse(@response_mess.body)
access_token = refreshhash['access_token']
refresh_token = refreshhash['refresh_token']
access_token_expires_at = DateTime.now + refreshhash["expires_in"].to_i.seconds
if access_token.present? && refresh_token.present? && access_token_expires_at.present?
@user.update_attribute(:access_token, access_token)
@user.update_attribute(:refresh_token, refresh_token)
@user.update_attribute(:expires_in, access_token_expires_at)
sign_in(@user)
redirect_to admin_dashboard_index_path
end
end
My log:
Started GET "/users/auth/yandex/callback?state=31c11a86beecdeb55ab30887d56391a8cbafccdc85c456aa&code=5842278" for 212.3.192.116 at 2017-04-05 15:58:27 +0300
Cannot render console from 212.3.192.116! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by CallbacksController#yandex as HTML
Parameters: {"state"=>"31c11a86beecdeb55ab30887d56391a8cbafccdc85c456aa", "code"=>"5842278"}
I tried the same POST request in CHROME POSTMAN and received the same response as {"error_description": "Code has expired", "error": "invalid_grant"}
I have googled around but there isn’t any similar question.. It seems that the problem is at Yandex end, but how get around it ?
Any help will be appreciated.