Adding a new webhook for git results in failure

Recently , worked on a case where user had challenges in creating a webhook for git

We were hitting an exception stating

400 Bad Request from POST http://identity-service-prelide-sb.cluster.local:8000/csp/gateway/am/api/auth/api-tokens/authorize

When we fill all the information needed to save / create the webhook , we hit above exception. So what's happening in the background . We will find all the information w.r.t this error in codestream logs

When an API call is made to authorize 

2022-05-24T02:13:15.501Z DEBUG codestream [host='codestream-app-74cd595686-6vxfc' thread='parallel-9' user='' org='' trace='' parent='' span=''] o.s.w.r.f.client.ExchangeFunctions.traceDebug:119 - [4baaf594] HTTP POST http://identity-service.prelude.svc.cluster.local:8000/csp/gateway/am/api/auth/api-tokens/authorize

This returns a 400 response stating invalid refresh token 

2022-05-24T02:13:15.895Z INFO identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='pool-3-thread-1' user='' org='' trace='']$logRequest$1:74 - POST 
2022-05-24T02:13:15.916Z ERROR identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='reactor-http-epoll-3' user='' org='' trace=''] c.v.i.c.RestResponseEntityExceptionHandler.logBriefError:213 - Handling bad request exception: java.lang.IllegalArgumentException: REST error received: { 
          "error": "invalid_grant", 
          "error_description": "Invalid refresh token: Njg3MDIxNjg2MjI0OmsuDq93TLejOHGxNc0uR5eMuskn" 
        }, status code: 400 BAD_REQUEST 
           thrown at com.vmware.identity.common.util.WebClientUtil.handleException:36 
2022-05-24T02:13:15.916Z INFO identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='reactor-http-epoll-1' user='' org='' trace=''] - - - [24/May/2022:02:13:15 +0000] "POST /csp/gateway/am/api/auth/api-tokens/authorize HTTP/1.1" 400 303 8080 414 ms

After exception in identity-service, codestream throws the same exception 

2022-05-24T02:13:15.916Z DEBUG codestream [host='codestream-app-74cd595686-6vxfc' thread='reactor-http-epoll-12' user='' org='' trace='' parent='' span=''] o.s.w.r.f.client.ExchangeFunctions.traceDebug:119 - [4baaf594] [166c65f5-1] Response 400 BAD_REQUEST 
2022-05-24T02:13:15.918Z INFO codestream [host='codestream-app-74cd595686-6vxfc' thread='reactor-http-epoll-10' user='' org='' trace='' parent='' span='] - - - [24/May/2022:02:13:15 +0000] "POST /codestream/api/git-webhooks HTTP/1.1" 400 330 8000 438 ms


The reason for exception is that there is a section called API Token in WebHooks. This API token is the refresh token generated from vRA

This token has to be valid

Once this was changed and a valid token was provided , we were able to save the webhook or create it.

One more method to verify if the token is expired is through the API response

The Expires HTTP header contains the date/time after which the response is considered expired. Invalid expiration dates with value 0 represent a date in the past and mean that the resource is already expired


8 views0 comments

Recent Posts

See All

vRealize Automation 8.8.1 was released last evening and here's my experience in implementing in my lab. I've attached Upgrade runbook vRA 8.8.1 Deep-Dive.pdf document which contains all of the steps