Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Catch token auth errors and present a friendly error message #350

Open
liffiton opened this issue Aug 31, 2018 · 9 comments
Open

Catch token auth errors and present a friendly error message #350

liffiton opened this issue Aug 31, 2018 · 9 comments

Comments

@liffiton
Copy link

Earlier today I had a class of about 25 students do a dry-run of submitting an assignment through okpy today, and almost all attempts failed with errors from okpy. My attempts during class also mostly failed, though I have no problems running it by myself before or after. I have a few ideas about what might have caused it, and I'm wondering if you can provide some help understanding this:

  • I had students going through the steps together, waiting for people to catch up in many cases, and so there may have been a minute or so between most students receiving their auth token and pasting it into their notebooks (we're using Jupyter). Is there a short time limit on the validity of those tokens?
  • Or perhaps the fact that up to 25 auth requests were coming all at once from the same IP (a jupyterhub server behind a campus NAT) could cause a problem?
  • Or finally, is it possibly just a load issue caused by 25 students trying to authorize at once? This seems least likely.

Thanks for any help or ideas you can provide.

@Sumukh
Copy link
Member

Sumukh commented Sep 4, 2018

Is it possible that the OK auth files are being written to same place (do students share a home directory?)

@liffiton
Copy link
Author

liffiton commented Sep 4, 2018

That's a good thought, but no they don't. Each student has their own user and home directory.

I've tested it out a bit, and I think at least some of the trouble does come from the authorization codes timing out. If you get an auth code and wait a bit before pasting it in to use it, you end up with an auth error. I'm guessing that is by design, but if so, some more informative error message would be very helpful. If we had received a message telling us the code had timed out in some way, we would have known we should just try again.

@Sumukh
Copy link
Member

Sumukh commented Sep 4, 2018 via email

@Sumukh
Copy link
Member

Sumukh commented Sep 4, 2018 via email

@liffiton
Copy link
Author

liffiton commented Sep 5, 2018

I've tested it more, and it seems to be fairly consistent. I can't test it enough to find a clear cutoff, but if I wait maybe two minutes or more before entering the code, I get the following:

from client.api.notebook import Notebook
ok = Notebook('A1.ok')
import os
if not os.path.exists(os.path.join(os.environ.get("HOME"), ".config/ok/auth_refresh")):
    ok.auth(force=True)
else:
    ok.auth(inline=True)
_ = ok.submit()
=====================================================================
Assignment: Assignment 1: Writing Simple Programs
OK, version v1.13.11
=====================================================================


Open the following URL:

https://okpy.org/client/login/

After logging in, copy the code from the web page and paste it into the box.
Then press the "Enter" key on your keyboard.

Paste your code here:  [code pasted here]

ERROR  | auth.py:91 | {'error': 'invalid_grant'}

---------------------------------------------------------------------
Authentication error: invalid grant
---------------------------------------------------------------------
Javascript Error: IPython is not defined

Javascript Error: IPython is not defined

Saving notebook... Could not save your notebook. Make sure your notebook is saved before sending it to OK!
Performing authentication
Please enter your bCourses email.

bCourses email: 

The javascript errors are just due to incompatibility with JupyterLab, I believe.

@Sumukh
Copy link
Member

Sumukh commented Sep 5, 2018

You are right - we expire them after 100 seconds. We can increase this to be a bit more reasonable.

https://github.com/okpy/ok/blob/master/server/controllers/oauth.py#L37

@liffiton
Copy link
Author

liffiton commented Sep 5, 2018

Ah, okay.

It was only an issue because of how the class waited for everyone to catch up before I told them to move on. It's probably not an issue in normal use, but if there's no problem with extending the expiration time, then it would save a few other people in situations like mine from a bit of trouble.

Thanks!

@Sumukh
Copy link
Member

Sumukh commented Sep 5, 2018

I've extended it to 5 min for now. okpy/ok@7e8928e

I'm going to leave this issue open & rename it so that we can present a better error message.

@Sumukh Sumukh changed the title Numerous auth errors during class Catch token auth errors and present a friendly error message Sep 5, 2018
@liffiton
Copy link
Author

liffiton commented Sep 5, 2018

Sounds good to me. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants