Problem
This type of authentication can crash the UAA service through CPU exhaustion (DoS): each such authentication attempt triggers cryptographic tasks that are demanding in terms of CPU resources. The longer the JWT token in the settings, the more resources UAA needs. This data is not cached at the moment, so each task is executed independently, hence the abnormal CPU load.
Solution
To avoid this, first generate the Bearer token and then use it in all subsequent API requests with the alternative authentication method.
Here is an example:
Getting the access token
export ENDPOINT="https://allure.company.com"
export USER_TOKEN="ef06773a-544b-4f0b-ad53-5a11972c8b74"
echo "Try to obtain jwt token"
JWT_TOKEN=$(curl -s -X POST "${ENDPOINT}/api/uaa/oauth/token" \
  --header "Expect:" \
  --header "Accept: application/json" \
  --form "grant_type=apitoken" \
  --form "scope=openid" \
  --form "token=${USER_TOKEN}" \
  | jq -r .access_token)
Using the access token
curl -s -G "${ENDPOINT}/api/uaa/me" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer ${JWT_TOKEN}"
Et voilà!
Using such a token requires less CPU, and UAA will be able to process a large number of API requests.
This generated JWT token has limited validity defined in the configuration parameters of your instance via ALLURE_JWT_ACCESS_TOKEN_VALIDITY_SECONDS. By default it's 60 minutes.
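The following script is an added example, not part of the original article or the vendor's tooling: it runs the token exchange once and reuses the cached Bearer token until shortly before it expires, so scheduled jobs do not repeat the CPU-heavy exchange on every run. CACHE_FILE, JWT_TTL_SECONDS, REFRESH_MARGIN, fetch_jwt and get_jwt are hypothetical names, and the TTL is assumed to match the validity configured on your instance.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): exchange the API token once, then reuse the
# cached Bearer token until shortly before it expires.
# Hypothetical names: CACHE_FILE, JWT_TTL_SECONDS, REFRESH_MARGIN, fetch_jwt, get_jwt.
# ENDPOINT and USER_TOKEN are expected to be exported as in the article.

CACHE_FILE="${CACHE_FILE:-${XDG_CACHE_HOME:-${HOME}/.cache}/allure-jwt}"
JWT_TTL_SECONDS="${JWT_TTL_SECONDS:-3600}"  # assumed equal to ALLURE_JWT_ACCESS_TOKEN_VALIDITY_SECONDS
REFRESH_MARGIN="${REFRESH_MARGIN:-60}"      # refresh this many seconds before expiry

# The CPU-heavy exchange from the article; prints the access token.
fetch_jwt() {
  curl -s -X POST "${ENDPOINT}/api/uaa/oauth/token" \
    --header "Expect:" \
    --header "Accept: application/json" \
    --form "grant_type=apitoken" \
    --form "scope=openid" \
    --form "token=${USER_TOKEN}" \
    | jq -r .access_token
}

# Prints a valid Bearer token, calling fetch_jwt only when the cache is stale.
get_jwt() {
  local now expires token
  now=$(date +%s)
  # Cache format: line 1 = refresh-after epoch, line 2 = token.
  if [ -r "${CACHE_FILE}" ] \
     && { read -r expires && read -r token; } < "${CACHE_FILE}" \
     && [ -n "${token}" ] \
     && [ "${expires}" -gt "${now}" ] 2>/dev/null; then
    printf '%s\n' "${token}"
    return 0
  fi
  token=$(fetch_jwt) || return 1
  # jq prints "null" when the response carries no access_token field.
  if [ -z "${token}" ] || [ "${token}" = "null" ]; then
    echo "token exchange failed" >&2
    return 1
  fi
  mkdir -p "$(dirname "${CACHE_FILE}")"
  rm -f "${CACHE_FILE}"
  # The token is a credential: create the cache file readable by the owner only.
  ( umask 077
    printf '%s\n%s\n' "$((now + JWT_TTL_SECONDS - REFRESH_MARGIN))" "${token}" > "${CACHE_FILE}" )
  printf '%s\n' "${token}"
}

# Usage:
#   curl -s -G "${ENDPOINT}/api/uaa/me" --header "Accept: application/json" \
#     --header "Authorization: Bearer $(get_jwt)"
```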