Unhandled exception when renewing login from a different Cognito user pool #339

Open
victorlin opened this issue Dec 15, 2023 · 1 comment
Labels
bug Something isn't working

Member

victorlin commented Dec 15, 2023

Current Behavior

```bash
# Start local nextstrain.org server

# Log in to the testing Cognito user pool
export NEXTSTRAIN_DOT_ORG=http://localhost:5000
export NEXTSTRAIN_COGNITO_USER_POOL_ID="$(jq -r .COGNITO_USER_POOL_ID ../nextstrain.org/env/testing/config.json)"
export NEXTSTRAIN_COGNITO_CLI_CLIENT_ID="$(jq -r .OAUTH2_CLI_CLIENT_ID ../nextstrain.org/env/testing/config.json)"
nextstrain login

# Attempt re-authentication against the production Cognito user pool, which fails with output below
unset NEXTSTRAIN_DOT_ORG NEXTSTRAIN_COGNITO_USER_POOL_ID NEXTSTRAIN_COGNITO_CLI_CLIENT_ID
nextstrain login
```

Output is an unhandled exception:

```
Traceback (most recent call last):
  File "runpy", line 196, in _run_module_as_main
  File "runpy", line 86, in _run_code
  File "nextstrain.cli.__main__", line 43, in <module>
  File "nextstrain.cli.__main__", line 19, in main
  File "nextstrain.cli", line 36, in run
  File "nextstrain.cli.command.login", line 101, in run
  File "nextstrain.cli.authn", line 165, in current_user
  File "nextstrain.cli.authn.session", line 615, in verify_tokens
  File "nextstrain.cli.authn.session", line 631, in _verify_id_token
  File "jwt.jwks_client", line 108, in get_signing_key_from_jwt
  File "jwt.jwks_client", line 99, in get_signing_key
jwt.exceptions.PyJWKClientError: Unable to find a signing key that matches: <kid>
```

Expected behavior

Output is an error message with instructions to remediate.

Possible solution

Catch the PyJWKClientError and throw a NextstrainCliError with a meaningful message. Example:

Unable to verify existing session. Please re-authenticate using
`nextstrain logout` and `nextstrain login`.

Your environment: if running Nextstrain locally

Nextstrain CLI version 7.4.0

Additional context

I think real users will only ever have access to one user pool, so this seems developer-facing. That stays the case even with #333 where it'd be one user pool per remote. However, if a user happens to edit their secrets file directly, that can cause a similar unhandled exception.

@victorlin victorlin added the bug Something isn't working label Dec 15, 2023
@jameshadfield
Member

> I think real users will only ever have access to one user pool, so this seems developer-facing.

In this case it'd be helpful to not only provide instructions to remedy (great!) but also a possible explanation as to why this happened.
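
One way to produce both the remediation and the explanation discussed in this thread, as an added example that is not code from the Nextstrain CLI: it compares the saved token's unverified `iss` claim with the issuer the CLI is currently configured for. `UserError`, `explain_unverifiable_session`, `expected_issuer`, `jwks_client` and `constructed_token` are assumed names; only the standard library is used so the block runs offline.

```python
import base64
import binascii
import json

REMEDY = "Please re-authenticate using `nextstrain logout` and `nextstrain login`."


class UserError(Exception):
    """Hypothetical stand-in for the CLI's user-facing error type."""


def unverified_claims(token):
    """Decode a JWT payload WITHOUT verifying it. Diagnostics only, never trust."""
    try:
        _header, payload, _signature = token.split(".")
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, TypeError, binascii.Error, AttributeError):
        return None  # wrong part count, bad base64/JSON, or not a string
    return claims if isinstance(claims, dict) else None


def explain_unverifiable_session(id_token, expected_issuer):
    """Build the error to raise when no signing key matches the saved token."""
    claims = unverified_claims(id_token)
    if claims is None:
        why = "The saved ID token is not a well-formed JWT (was the secrets file edited?)."
    elif claims.get("iss") != expected_issuer:
        # repr() keeps control characters in an untrusted claim off the terminal.
        why = (f"The saved session was issued by {claims.get('iss')!r}, "
               f"but this run is configured for {expected_issuer!r}.")
    else:
        why = "The issuer matches the configured user pool, so the cause is something else."
    return UserError(f"Unable to verify existing session. {why} {REMEDY}")


# Intended call site (exception and method names are from the traceback;
# `jwks_client` and `expected_issuer` are assumed variables):
#     try:
#         key = jwks_client.get_signing_key_from_jwt(id_token)
#     except jwt.exceptions.PyJWKClientError as err:
#         raise explain_unverifiable_session(id_token, expected_issuer) from err


def constructed_token(claims):
    """Constructed sample token: real JWT layout, dummy signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'example-kid'})}.{enc(claims)}.c2ln"
```

The unverified claims feed only the wording of the error; the session is still rejected in every branch.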
