Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Improve client API behavior when interacting with an unauthorized client api

See original GitHub issue

Current behavior

Authorization of the client api is supposed to happen automatically through tokens specified in environment variables, configs or parameters. When tokens are not provided correctly, the api fails in various ways without telling specifically whats wrong - like a missing or wrong token.

Proposed behavior

Give better guidance on how to fix the underlying problem - failing authentication of the client or agent.

Example

When PREFECT__CLOUD__AUTH_TOKEN isn’t configured, calling agent.register leads to the error prefect.utilities.exceptions.ClientError: Malformed response received from Cloud - please ensure that you have an API token properly configured without telling specifically which token is missing and how to make sure it is provided.
When a token is provided, but the system hasn’t ever been logged on properly, agent.register tries to search for the project using an unauthorized API, thus failing with prefect.utilities.exceptions.ClientError: [{'path': ['project'], 'message': 'field "project" not found in type: \'query_root\'', 'extensions': {'path': '$.selectionSet.project', 'code': 'validation-failed', 'exception': {'message': 'field "project" not found in type: \'query_root\''}}}]

Issue Analytics

State:
Created 3 years ago
Comments:16 (1 by maintainers)

Top GitHub Comments

3reactions

lcorneliussencommented, Sep 24, 2020

I’m then also starting the agent using flow.run_agent().

In order to get everything working from docker (isolated env) I had to:

Provide a tenant token for PREFECT__CLOUD__AUTH_TOKEN
Provide a runner token for PREFECT__CLOUD__AGENT__AUTH_TOKEN
Authenticate using prefect auth login -t ${PREFECT__CLOUD__AUTH_TOKEN}
Then start the script that registers the flow and starts the agent

What a beautiful picture in Azure Container Services towards the end of the week.

The goal was to get a minimal setup running with prefect and great expectations. Done.

1reaction

larochewcommented, Oct 19, 2020

I felt like I had the same issue. Simply had the prefect.utilities.exceptions.ClientError: Malformed response received from Cloud - please ensure that you have an API token properly configured error pop up. In my case, I hadn’t made the distinction between RUNNER and TENANT tokens. I tried setting PREFECT__CLOUD__AGENT__AUTH_TOKEN, PREFECT__CLOUD__AUTH_TOKEN individually and then together, but always to the same RUNNER token value, which was my mistake.

And this was only giving an error in the docker container and not on my machine, since I had previously logged in as a USER with prefect auth login.

So for those of you new to Prefect such as myself who might have the same issue, you need a different token for PREFECT__CLOUD__AGENT__AUTH_TOKEN and PREFECT__CLOUD__AUTH_TOKEN, not the same one.

Top Results From Across the Web

Securing APIs: 10 Best Practices for Keeping Your Data and ...

Best Practices for Securing APIs · Prioritize security. · Inventory and manage your APIs. · Use a strong authentication and authorization solution.

How a RESTful API server reacts to requests - O'Reilly

Learn how to properly design RESTful APIs communication with clients, accounting for request structure, authentication, and caching.

Client created via management api is broken until dashboard ...

following a client create by API. It took quite a few hours to narrow down the root case of the problem. We're automating...

Client-Server API - Matrix Specification

Some API endpoints require authentication that interacts with the user. The homeserver may provide many different ways of authenticating, such as user/password ...

Guide to building an enterprise API strategy | TechTarget

APIs enable enterprises to better deliver diverse data and services to internal and external customers, and open up new revenue streams.