OAuth token refresh - how does it work?
184 views
Skip to first unread message
Fabian Säglitz
Nov 26, 2022, 6:29:32 AM11/26/22
to Prometheus Users
Hi,
we use the blackbox exporter to probe our services which use OAuth2 (client credentials flow).
The probing works fine but it is sometimes flaky and I could see that sometimes the response seems to be a non valid token.
How does the blackbox exporter work? For each new probe will it get a fresh token or is the token stored and it only gets a new one after it has expired?
The probing works fine but it is sometimes flaky and I could see that sometimes the response seems to be a non valid token.
How does the blackbox exporter work? For each new probe will it get a fresh token or is the token stored and it only gets a new one after it has expired?
Thank you for your support.
Julien Pivotto
Nov 26, 2022, 6:27:59 PM11/26/22
to Fabian Säglitz, Prometheus Users
We are using
https://pkg.go.dev/golang.org/x/oau...@v0.2.0/clientcredentials
```
TokenSource returns a TokenSource that returns t until t expires,
automatically refreshing it as necessary using the provided context and
the client ID and client secret.
```
>
> --
> You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/86e3054d-54da-45de-a599-707b248329e3n%40googlegroups.com.
--
Julien Pivotto
@roidelapluie
Fabian Säglitz
Dec 14, 2022, 5:44:06 AM12/14/22
to Prometheus Users
Thank you for your reply.
We use the blackbox exporter for our end-to-end probing. The result of those probes we display in Grafana.
The Problem is that it is sometimes flaky. We probe every 15s and we have quite some services which we probe against.
The Problem is that it is sometimes flaky. We probe every 15s and we have quite some services which we probe against.
Now sometimes the monitoring gets red because the token has already expired when blackbox exporter is executing the request.
How can we overcome this?
Brian Candler
Dec 14, 2022, 6:29:11 AM12/14/22
to Prometheus Users
> Now sometimes the monitoring gets red because the token has already expired when blackbox exporter is executing the request
Can you demonstrate that the problem is definitely because the token has expired, not some other scraping issue?
For example, can you capture the token sent to the target, decode it, and show that the expiry date is in the past? Or are you getting a specific HTTP error response which says the token has expired?
Brian Candler
Dec 14, 2022, 6:43:19 AM12/14/22
to Prometheus Users
And just to rule out the obvious: are the clocks on the prometheus server, the target, and the IDP all synced with NTP?
Reply all
Reply to author
Forward
0 new messages