The timestamp shows that it does a POST to /api/oidc/token at the exact
same time as the POST for /api/oidc/devicecode, and then gets a Apr 28
13:26:13 ipa-test.int.domain.net oidc_child[13187]:
{"error_description":"Slow down","error":"slow_down"}.
So it seems that the oidc_child never waits for but instantly tries /token
and then stops efter the Slow down error.Den ons. 30. apr. 2025 kl. 10.16 skrev Sumit Bose <[email protected]>: > Am Wed, Apr 30, 2025 at 09:07:12AM +0200 schrieb Anders Wittendorff: > > I have this in the logs: > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: libcurl: > > POST > > /api/oidc/devicecode HTTP/2 > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: libcurl: < > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: > > > {"user_code":"xxxx-yyyy","device_code":"xyz=","interval":5,"verification_uri_complete":"https:\/\/ > > customer.de.auth.com > > \/api\/oidc\/device?user_code=xxxx-yyyy","verification_uri":"https:\/\/ > > customer.de.auth.com\/api\/oidc\/device","expires_in":300} > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: libcurl: * > > TLSv1.2 (IN), TLS header, Unknown (23): > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: libcurl: * > > Connection #0 to host customer.de.auth.com left intact > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: Result does > not > > contain the 'message' string. > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: user_code: > > [xxxx-yyyy]. > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: > > verification_uri: [https://customer.de.auth.com/api/oidc/device]. > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: > > verification_uri_complete: [ > > https://customer.de.auth.com/api/oidc/device?user_code=xxxx-yyyy]. > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: message: > > [(null)]. > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: device_code: > > [xyz=]. > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: expires_in: > > [300]. > > Apr 28 13:26:13 ipa-test.int.domain.net oidc_child[13187]: interval: > [5]. > > Hi, > > thanks, so the server side asks to check every 5s or less often. Can you > check the timestamps of the access of the token endpoint? Did you by > chance pressed enter in less than 5s after the URI var displayed in the > ssh prompt? > > bye, > Sumit > > > > > Den tirs. 29. apr. 2025 kl. 16.18 skrev Sumit Bose <[email protected]>: > > > > > Am Mon, Apr 28, 2025 at 01:31:26PM -0000 schrieb Anders Wittendorff via > > > FreeIPA-users: > > > > I would have to remove a lot of data from it, is there specific > parts of > > > the flow you would like to see? > > > > > > Hi, > > > > > > there should be lines before the error which contain `expires_in: > > > [SOME_VALUE].` and `interval: [%d].`. It would be good to know those > > > value. Additionally the timestamps of the requests which were send to > > > the token endpoint. Please note that there is already on request to the > > > token endpoint in the first roundtrip where the device code and the URI > > > and the one time PIN are requested. This is typically needed to make > the > > > IdP server waiting for the one time PIN. > > > > > > bye, > > > Sumit > > > > > > > -- > > > > _______________________________________________ > > > > FreeIPA-users mailing list -- [email protected] > > > > To unsubscribe send an email to > > > [email protected] > > > > Fedora Code of Conduct: > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > > List Archives: > > > > https://lists.fedorahosted.org/archives/list/[email protected] > > > > Do not reply to spam, report it: > > > https://pagure.io/fedora-infrastructure/new_issue > > > > > > > >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
