Access token expires and causes exception every 10 hours src/OneLoginClient/OneLoginClient.cs

[keziashirazi98]

Hi,

Thank you for your code it has provided great use to me! However, I have found a bug in src/OneLoginClient/OneLoginClient.cs.

Summary
My script uses this OneLoginClientDotNet package. It runs every hour. A 'NullReferenceException' is raised every 10 hours.

The code failure occurs inside src/OneLoginClient/OneLoginClient.cs:

• The NullReferenceException is raised on line 97 (nextLink = result.Pagination.NextLink;) within the GetNextPages function
• This is because the access token, used by the client to make an API call to OneLogin, expires every 10 hours and the same access token is still used until the http request returns a 'forbidden' response. This is described here.
• On line 95 (var result = await GetResource<T>(nextLink);), the code generates an expired token after 10 hours.
• This forbids access for the client to OneLogin, which is shown by the 'forbidden' response (401) from OneLogin in the ParseHttpResponse() function
• This returns a null var result and causes the NullReferenceException to be thrown.
• My script then fails due to the NullReferenceException and stops running. It is then automatically rerun by kubernetes and the script runs fine as a new access token is generated.

What is the current bug behavior?
A NullReferenceException is raised every 10 hours due to access token expiring

What is the expected correct behavior?
A new token would be generated every 9-10 hours before the access token expires to avoid the Exception being thrown.

[jacerhea]

Thanks so much for the detailed report. I should be able to get a fix out in the next day or two.

[keziashirazi98]

Hi Jacerhea, I was just wondering if you know when you'll get this done by any chance? Because when it's done I'll need to update my library, thanks again !

[jacerhea]

I've pushed an alpha release out, which covers this issue. Unfortunately, I can't test it now as I'm having issues with my onelogin dev account. https://www.nuget.org/packages/OneLogin.API/2.0.0-alpha

[keziashirazi98]

Thank you so much !

[keziashirazi98]

Hi Jacerhea,

Thank you for for fixing the previous bug, unfortunately there is now another bug.

Summary
This bug is due to the GetNextPages() function running through the CreateRequest() function when it is called. This results in a 'UriFormatException'.

The code failure occurs inside src/OneLoginClient/OneLoginClient.cs of the 2.0.0-alpha version (the develop branch):

• GetNextPages() (line 94) takes a T source which is then used to get the NextLink.
• The NextLink in GetNextPages() is an absolute URL. This is then passed into GetResource() (on line 102) and then into CreateRequest() (on line 139). Up until here everything is fine.
• But the CreateRequest() function takes a relativeUri, not an absolute uri and when it is given an absolute uri, it creates a null httpRequest, and line 256 httpRequest.Headers.Authorization = await GetAuthenticationHeader(); raises the error 'httpRequest.Headers threw an exception of type System.NullReferenceException' because httpRequest is null.
• This ultimately results in GetNextPages() raising the error "A relative URI cannot be created because the 'uriString' parameter represents an absolute URI.".

Furthermore, the GetUsers() function (on line 17 of src/OneLoginClient/OneLoginClient.Users.cs) creates a relative URL and also passes this through the GetResource() function and into the CreateRequest() function (in src/OneLoginClient/OneLoginClient.cs). So although this flow works for GetUsers(), the CreateRequest() function should either take an absolute URL or a relative URL from different functions but not both.

What is the current bug behavior?
Different functions pass both absolute and relative URLs into the CreateRequest() function on line 246 when the function only takes relative URLs. When an absolute URL is passed into CreateRequest(), a NullReferenceException occurs and then a UriFormatException is raised as the URL is not relative

What is the expected correct behavior?
Either the CreateRequest() function checks if the URL is relative or absolute and creates the httpRequest accordingly (e.g. using an if else statement). Or all the functions that pass into CreateRequest() should be changed to use either an absolute URL or a relative URL and the function should make an httpRequest using only that type of URL.