UAA aggressively consumes CPU or crashes when we create a large number of API requests

Modified on Thu, 16 Mar, 2023 at 1:35 PM


Problem

This type of authentication can crash the UAA service through a DoS on the CPU, because each such authentication attempt generates cryptographic tasks that are quite demanding in terms of CPU resources. The longer the JWT token in the settings, the more resources UAA needs. This data is not cached at the moment and each task is executed independently, hence the abnormal CPU load.

Solution

To avoid this, first generate the Bearer token and then use it in all following API requests with the alternative authentication method.
Here is an example:

Getting the access token

# Base URL of the instance and the user's API token
export ENDPOINT="https://allure.company.com"
export USER_TOKEN="ef06773a-544b-4f0b-ad53-5a11972c8b74"

# Exchange the API token for a JWT once; jq extracts the access_token field
echo "Try to obtain jwt token"
JWT_TOKEN=$(curl -s -X POST "${ENDPOINT}/api/uaa/oauth/token" \
     --header "Expect:" \
     --header "Accept: application/json" \
     --form "grant_type=apitoken" \
     --form "scope=openid" \
     --form "token=${USER_TOKEN}" \
     | jq -r .access_token)

Using the access token

# Send the JWT as a Bearer token on every subsequent request
curl -s -G "${ENDPOINT}/api/uaa/me" \
     --header "Accept: application/json" \
     --header "Authorization: Bearer ${JWT_TOKEN}"

et voila !

Using such a token requires less CPU, and UAA will be able to process a large number of API requests.

This generated JWT token has limited validity defined in the configuration parameters of your instance via ALLURE_JWT_ACCESS_TOKEN_VALIDITY_SECONDS. By default it's 60 minutes.
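
The two steps above combined for a long-running script, as an added example that is not part of the original article or the product's own code: the JWT is obtained once, reused for every request, and refreshed shortly before its validity runs out. The function names, JWT_VALIDITY_SECONDS and JWT_REFRESH_MARGIN are assumptions; set JWT_VALIDITY_SECONDS to your instance's ALLURE_JWT_ACCESS_TOKEN_VALIDITY_SECONDS.

```shell
# Added example: cache the JWT and refresh it only when it is about to expire.
ENDPOINT="${ENDPOINT:-https://allure.company.com}"  # placeholder URL from the article
USER_TOKEN="${USER_TOKEN:-}"                        # API token, supplied via environment
# Assumption: mirrors ALLURE_JWT_ACCESS_TOKEN_VALIDITY_SECONDS (default 60 minutes).
JWT_VALIDITY_SECONDS="${JWT_VALIDITY_SECONDS:-3600}"
JWT_REFRESH_MARGIN="${JWT_REFRESH_MARGIN:-60}"      # hypothetical safety margin, seconds
JWT_TOKEN=""
JWT_OBTAINED_AT=0

now_epoch() { date +%s; }

# Single request to the token endpoint; prints the JWT, or nothing on failure.
fetch_jwt() {
  curl -s -X POST "${ENDPOINT}/api/uaa/oauth/token" \
       --header "Expect:" \
       --header "Accept: application/json" \
       --form "grant_type=apitoken" \
       --form "scope=openid" \
       --form "token=${USER_TOKEN}" \
    | jq -r '.access_token // empty'
}

# Sets JWT_TOKEN. Calls fetch_jwt only if no token is cached or it is near expiry.
ensure_jwt() {
  local now age
  now=$(now_epoch)
  age=$(( now - JWT_OBTAINED_AT ))
  if [ -n "$JWT_TOKEN" ] && [ "$age" -lt $(( JWT_VALIDITY_SECONDS - JWT_REFRESH_MARGIN )) ]; then
    return 0
  fi
  JWT_TOKEN=$(fetch_jwt) || return 1
  if [ -z "$JWT_TOKEN" ]; then
    echo "failed to obtain JWT from ${ENDPOINT}" >&2
    return 1
  fi
  JWT_OBTAINED_AT=$now
}

# GET an API path (for example /api/uaa/me) with the cached Bearer token.
api_get() {
  ensure_jwt || return 1
  curl -s -G "${ENDPOINT}$1" \
       --header "Accept: application/json" \
       --header "Authorization: Bearer ${JWT_TOKEN}"
}
```

Source the file and call api_get in a loop; the token endpoint is hit once per validity window instead of once per request.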
