Enterprise Issue Resolved

Enterprise API client code in LMS failed when calling an enterprise endpoint on LMS: the JWT in the request did not pass validation because the JWT_AUTH['JWT_ISSUERS'] list in settings was incorrect.

Jira: ENT-1080

Instructions for testing this are in the Jira ticket above.

PR that fixed it: https://github.com/edx/configuration/pull/4656

Credentials Issue Resolved

Discovery service API client code in Credentials received a JWT with invalid issuer and audience claims signed with an incorrect secret. This was due to a configuration bug in LMS settings (LMS is the authz service). Also, JWTs are cached in memcached by the API client code for the life of the token (1 day).

https://credentials.stage.edx.org/credentials/3446ff661f044df785afcc44bcab2cf8/

Jira: DEVOPS-7598

Visit the credentials link above to verify that this is working on stage.

PR that fixed it: https://github.com/edx/configuration/pull/4654

Also we needed to clear the invalid cached JWT by having DevOps run the following from a stage credentials machine:

    python manage.py shell --command="from django.core.cache import cache; cache.delete('siteconfiguration_access_token_1')"

PRs related to OAuth Scopes Work

Initial implementation: https://github.com/edx/edx-platform/pull/18429

Unmerged revert PR (in case you need it): https://github.com/edx/edx-platform/pull/18484

Testing JWT creation

  1. Create an Application model.
  2. Create an ApplicationAccess model with "grades:read" and "certificates:read" scopes.
  3. Create an ApplicationOrganization model.
  4. curl --header "Content-Type: application/x-www-form-urlencoded" \
      --request POST \
      --data 'grant_type=client_credentials&client_id={Application.client_id}&client_secret={Application.client_secret}&token_type=jwt&scope=grades%3Aread' \
      https://{LMS_HOST}/oauth2/access_token
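
To check the token returned in step 4 for the failure modes described in the two issues above (issuer missing from JWT_ISSUERS, wrong audience, wrong signing secret), the following is an added example, not code from this page or from edx-platform. It assumes HS256 signing, a "scopes" claim, and JWT_ISSUERS entries with ISSUER, SECRET_KEY and AUDIENCE keys; all sample values are constructed.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret):
    """Build a constructed HS256 token so the check can be run offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(f'{head}.{body}', secret))}"

def diagnose(token, issuers, required_scope, now=None):
    """Return a list of validation problems; an empty list means the token passes.

    issuers: list of dicts with ISSUER, SECRET_KEY, AUDIENCE (assumed shape).
    """
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(head_b64))
        claims = json.loads(_b64d(body_b64))
        sig = _b64d(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return ["malformed token"]
    if header.get("alg") != "HS256":  # never trust the token's own alg choice
        return [f"unexpected alg {header.get('alg')!r}"]
    entry = next((i for i in issuers if i["ISSUER"] == claims.get("iss")), None)
    if entry is None:
        return [f"issuer {claims.get('iss')!r} not in JWT_ISSUERS"]
    problems = []
    expected = _sign(f"{head_b64}.{body_b64}", entry["SECRET_KEY"])
    if not hmac.compare_digest(sig, expected):
        problems.append("signature does not match the issuer's secret")
    if claims.get("aud") != entry["AUDIENCE"]:
        problems.append(f"audience {claims.get('aud')!r} does not match")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token expired")
    if required_scope not in claims.get("scopes", []):
        problems.append(f"scope {required_scope!r} not granted")
    return problems

# Constructed settings for the demo; real values come from JWT_AUTH['JWT_ISSUERS'].
ISSUERS = [{"ISSUER": "https://lms.example.com/oauth2",
            "SECRET_KEY": "constructed-secret", "AUDIENCE": "constructed-aud"}]
```

Because the API client caches a token for its lifetime, run the check against a freshly issued token after a settings fix; a cached token issued under the old settings will keep failing until it is cleared or expires.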