net::ERR_CONNECTION_CLOSED when Bearer token over 5260 characters.


Hi Team,

I’m using version 3.25. I get a strange issue for one of the users (unfortunately a tester). When the user tries to execute the API, they get the result:

CODE: undocumented; Details: TypeError: Failed to fetch

On console, we get: net::ERR_CONNECTION_CLOSED

We are using Bearer Token authorization. The only difference between the working user cases and the failing one is the token. The user for whom it fails has many roles stored in the token, and the length of the header token is over 5260 chars.

Way to reproduce:

  1. Create API with Header Bearer Token authorization.
  2. Call API by setting token over 5260 chars length.

There is no issue when the user calls the endpoint through the curl command or Postman.

Example API:

{
  "openapi": "3.0.1",
  "info": {
    "title": "Warehouse API",
    "version": "v1"
  },
  "paths": {
    "/api/test": {
      "get": {
        "tags": [
          "test"
        ],
        "parameters": [],
        "responses": {
          "200": {
            "description": "Success"
          }
        }
      }
    }
  },
  "components": {
    "schemas": {},
    "securitySchemes": {
      "TST-Bearer": {
        "type": "apiKey",
        "description": "JWT Authorization header using the Bearer scheme. Example: \"TST-Authorization: Bearer {token}\"",
        "name": "TST-Authorization",
        "in": "header"
      }
    }
  },
  "security": [
    {
      "TST-Bearer": [
        "readAccess",
        "writeAccess"
      ]
    }
  ]
}

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 8 (1 by maintainers)

Top GitHub Comments

1 reaction
chunyeow commented, Jan 27, 2021

After a few rounds of digging into and understanding the issue, this is not related to Swagger UI; instead it is due to the proxy in front of the API server. In our case, we are deploying the ingress controller in a Kubernetes cluster, which has a restriction of http2-max-header-size that causes the “long” request header to be rejected.

0 reactions
GaetanoPiazzolla commented, Sep 18, 2021

Nginx does not write anything. It seems that it’s blocked by the browser. Very strange behavior. Anyway with the configuration specified above everything works correctly.
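
The following Python check is an added example, not code from the issue or from Swagger UI. It measures the TST-Authorization header line for a token and ranks the token's claims by size, so a role-heavy token like the one described in the issue can be caught before a proxy rejects it. The 4096-byte limit, the role names and the sample tokens are constructed assumptions, and the check compares raw bytes, not the HPACK-compressed size an HTTP/2 proxy may measure.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def header_report(token: str, limit_bytes: int,
                  header_name: str = "TST-Authorization") -> dict:
    """Size the header line and rank payload claims by serialized size."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated segments")
    # Payload is decoded for sizing only; the signature is NOT verified here.
    claims = json.loads(b64url_decode(parts[1]))
    sizes = {name: len(json.dumps(value, separators=(",", ":")).encode("utf-8"))
             for name, value in claims.items()}
    header_bytes = len(f"{header_name}: Bearer {token}".encode("ascii"))
    return {
        "header_bytes": header_bytes,
        "over_limit": header_bytes > limit_bytes,
        "claims_by_size": sorted(sizes.items(), key=lambda kv: kv[1], reverse=True),
    }


def make_sample_token(role_count: int) -> str:
    # Constructed sample: invented role names and a placeholder signature.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({
        "sub": "tester",
        "roles": [f"warehouse-role-{i:04d}" for i in range(role_count)],
    }).encode())
    return f"{header}.{payload}.{b64url_encode(b'x' * 32)}"


ASSUMED_LIMIT = 4096  # assumption: replace with the limit your proxy enforces

if __name__ == "__main__":
    for count in (5, 200):
        report = header_report(make_sample_token(count), ASSUMED_LIMIT)
        print(f"{count} roles: {report['header_bytes']} bytes, "
              f"over limit: {report['over_limit']}, "
              f"largest claim: {report['claims_by_size'][0]}")
```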
