You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Prometheus Users
Hi,
we use the blackbox exporter to probe our services which use OAuth2 (client credentials flow). The probing works fine but it is sometimes flaky and I could see that sometimes the response seems to be a non valid token.
How does the blackbox exporter work? For each new probe will it get a fresh token or is the token stored and it only gets a new one after it has expired?
Thank you for your support.
Julien Pivotto
unread,
Nov 26, 2022, 6:27:59 PM11/26/22
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Fabian Säglitz, Prometheus Users
The token should be stored and we should get a new one after expiry.
```
TokenSource returns a TokenSource that returns t until t expires,
automatically refreshing it as necessary using the provided context and
the client ID and client secret.
```
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Prometheus Users
Thank you for your reply.
We use the blackbox exporter for our end-to-end probing. The result of those probes we display in Grafana. The Problem is that it is sometimes flaky. We probe every 15s and we have quite some services which we probe against.
Now sometimes the monitoring gets red because the token has already expired when blackbox exporter is executing the request.
How can we overcome this?
Brian Candler
unread,
Dec 14, 2022, 6:29:11 AM12/14/22
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Prometheus Users
> Now sometimes the monitoring gets red because the token has already expired when blackbox exporter is executing the request
Can you demonstrate that the problem is definitely because the token has expired, not some other scraping issue?
For example, can you capture the token sent to the target, decode it, and show that the expiry date is in the past? Or are you getting a specific HTTP error response which says the token has expired?
Brian Candler
unread,
Dec 14, 2022, 6:43:19 AM12/14/22
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Prometheus Users
And just to rule out the obvious: are the clocks on the prometheus server, the target, and the IDP all synced with NTP?