
All requests being rejected with 401

nodejs

#1

so this code was working great for me for well over two weeks with client-credentials oauth tokens…

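/**
 * Installs JWT bearer-token verification on a restify server.
 *
 * Tokens are checked against the signing keys published at the tenant's JWKS
 * endpoint. Every route except `/health` passes through the check.
 *
 * If the middleware cannot be built or registered, a deny-all handler is
 * installed instead, so the API never runs without an authentication layer.
 *
 * @param {object} server - restify server; only `server.use` is called here.
 * @returns {Error|undefined} the `errs.UnauthorizedError` wrapping the setup
 *   failure, or `undefined` when the JWT check was installed.
 */
function auth(server) {
  const jwt = require('restify-jwt-community')
  const jwks = require('jwks-rsa')
  const { errs, log } = require('./utils') // eslint-disable-line

  try {
    const jwtCheck = jwt({
      secret: jwks.expressJwtSecret({
        // Keep fetched signing keys in memory instead of refetching them.
        cache: true,
        // NOTE(review): with rate limiting off, JWKS fetches are unthrottled;
        // tokens carrying an unknown `kid` can each trigger a fetch. Consider
        // `rateLimit: true` together with `jwksRequestsPerMinute`.
        rateLimit: false,
        jwksUri: 'https://[mydomain].auth0.com/.well-known/jwks.json'
      }),
      // `aud` and `iss` must match exactly. The issuer keeps its trailing
      // slash; a mismatch here surfaces as a 401 on every request.
      audience: 'https://api.[mydomain].com',
      issuer: 'https://[mydomain].auth0.com/',
      // Pin the algorithm so the token header cannot select a different one.
      algorithms: ['RS256']
    }).unless({ path: ['/health'] })
    server.use(jwtCheck)
  } catch (err) {
    // Only synchronous failures while building or registering the middleware
    // land here. Per-request token rejections happen inside jwtCheck and never
    // reach this catch, so this is a configuration error, not a bad token.
    const setupError = new errs.UnauthorizedError(err)
    // Fail closed: the original only returned the error, which left the
    // server running with no auth middleware if the caller ignored the return
    // value. This denies every request, including /health, until the
    // configuration is fixed.
    server.use((req, res, next) => next(setupError))
    return setupError
  }
}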

suddenly tonight, though, every request began throwing a 401. nothing changed in my configuration of this module and my client-side tokens are being properly generated from auth0. why would this suddenly cease to function with no change in credentials or any other factor? i have one user account.


#3

here’s the request and the result, redacted

[2018-04-15T09:03:17.692Z]  INFO: nylon/29863 on ip-[etc]: start request (type=request, id=501d9c1c-2ebc-4f26-82c2-822c60242b6c, req.remoteAddress=::ffff:127.0.0.1, req.remotePort=34918)
    GET /api/v3/vertical?id=homepage&limit=20&page=1 HTTP/1.1
    host: api.[mydomain].com
    x-real-ip: [etc.]
    x-forwarded-for: [etc.]
    accept: application/json, text/plain
    authorization: Bearer [eyJ0eX...MY_VERY_LONG_TOKEN...3Lerg]
    cloudfront-forwarded-proto: https
    user-agent: Amazon CloudFront
    via: 1.1 de390f2a4c2c110d009e8b1fc0fb9346.cloudfront.net (CloudFront)
    x-amz-cf-id: _NXea1hr3OZ4e7dkm6H4ca-V8Zue-6rhV4BEltPc0kOmPyO-4uoKTw==
    x-forwarded-port: 80
    x-forwarded-proto: http
[2018-04-15T09:03:17.694Z]  INFO: nylon/29863 on ip-[etc]: end request (type=request, id=501d9c1c-2ebc-4f26-82c2-822c60242b6c, duration=1.362858)
    HTTP/1.1 401 Unauthorized
    Server: [my_server]
    x-request-id: 501d9c1c-2ebc-4f26-82c2-822c60242b6c
    Content-Type: application/json
    Content-Length: 57
    Date: Sun, 15 Apr 2018 09:03:17 GMT
    Connection: keep-alive