I have a unique and strange issue with Ory Oathkeeper proxy.
Proxy calls are working fine with a correct token but when a token is expired or wrong then I am not getting any response in the browser call.
But when I hit the same route with cURL then it gives the response:
{"error":{"code":403,"status":"Forbidden","reason":"Access token introspection says token is not active","message":"Access credentials are not sufficient to access this resource"}}
and bothe time in the oathkeeper logs it says correct:
INFO[1153] completed handling request measure#oathkeeper-proxy.latency=556985 method=GET remote="[::1]:60834" request=/users-api/user status=403 text_status=Forbidden took="556.985µs"
INFO[3718] started handling request method=OPTIONS remote="[::1]:56592" request=/users-api/user
WARN[3718] Access request granted access_url="http://localhost:3000/user" granted=true
INFO[3718] completed handling request measure#oathkeeper-proxy.latency=419740 method=OPTIONS remote="[::1]:56592" request=/users-api/user status=200 text_status=OK took="419.74µs"
INFO[3718] started handling request method=GET remote="[::1]:56592" request=/users-api/user
WARN[3718] The authentication handler encountered an error access_url="http://localhost:4455/users-api/user" authentication_handler=oauth2_introspection error="Access credentials are not sufficient to access this resource" granted=false reason_id=authentication_handler_error
WARN[3718] Access request denied access_url="http://localhost:4455/users-api/user" error="Access credentials are not sufficient to access this resource" granted=false
ERRO[3718] An error occurred while handling a request code=403 details="map[]" error="Access credentials are not sufficient to access this resource" reason="Access token introspection says token is not active" request-id= status=Forbidden trace="Stack trace: \ngithub.com/ory/oathkeeper/proxy.(*AuthenticatorOAuth2Introspection).Authenticate\n\t/home/ridham/go/src/github.com/ory/oathkeeper/proxy/authenticator_oauth2_introspection.go:119\ngithub.com/ory/oathkeeper/proxy.(*RequestHandler).HandleRequest\n\t/home/ridham/go/src/github.com/ory/oathkeeper/proxy/request_handler.go:100\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director\n\t/home/ridham/go/src/github.com/ory/oathkeeper/proxy/proxy.go:121\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director-fm\n\t/home/ridham/go/src/github.com/ory/oathkeeper/cmd/serve_proxy.go:219\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:197\ngithub.com/urfave/negroni.Wrap.func1\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/metricsx.(*MetricsManager).ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:207\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/meatballhat/[email protected]/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2741\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1847\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1333" writer=JSON
INFO[3718] completed handling request measure#oathkeeper-proxy.latency=945779 method=GET remote="[::1]:56592" request=/users-api/user status=403 text_status=Forbidden took="945.779µs"
INFO[4016] started handling request method=GET remote="127.0.0.1:37218" request=/users-api/user
WARN[4016] The authentication handler encountered an error access_url="http://localhost:4455/users-api/user" authentication_handler=oauth2_introspection error="Access credentials are not sufficient to access this resource" granted=false reason_id=authentication_handler_error
WARN[4016] Access request denied access_url="http://localhost:4455/users-api/user" error="Access credentials are not sufficient to access this resource" granted=false
ERRO[4016] An error occurred while handling a request code=403 details="map[]" error="Access credentials are not sufficient to access this resource" reason="Access token introspection says token is not active" request-id= status=Forbidden trace="Stack trace: \ngithub.com/ory/oathkeeper/proxy.(*AuthenticatorOAuth2Introspection).Authenticate\n\t/home/ridham/go/src/github.com/ory/oathkeeper/proxy/authenticator_oauth2_introspection.go:119\ngithub.com/ory/oathkeeper/proxy.(*RequestHandler).HandleRequest\n\t/home/ridham/go/src/github.com/ory/oathkeeper/proxy/request_handler.go:100\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director\n\t/home/ridham/go/src/github.com/ory/oathkeeper/proxy/proxy.go:121\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director-fm\n\t/home/ridham/go/src/github.com/ory/oathkeeper/cmd/serve_proxy.go:219\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:197\ngithub.com/urfave/negroni.Wrap.func1\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/metricsx.(*MetricsManager).ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:207\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/meatballhat/[email protected]/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/home/ridham/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2741\nnet/http.(*conn).serve\n\t33/usr/local/go/src/net/http/server.go:1847\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1333" writer=JSON
INFO[4016] completed handling request measure#oathkeeper-proxy.latency=2678217 method=GET remote="127.0.0.1:37218" request=/users-api/user status=403 text_status=Forbidden took=2.678217ms
What’s the solution over here?