CODEWITHSUNDEEP
azureazure-cosmosdb
Amit_Hora
Amit_Hora

Reputation: 708

Unauthorized, The input authorization token can't serve the request

I am trying to obtain documentdbclient using the resourcetokens. I have a redis cluster with key as user identity and value as the resourcetoken. I have a service that uses master key to generate resourcetokens for the user and updates them in Redis. I am using the below code to create resource token in my master service

  ResourceResponse<Permission> readPermissions = documentClient.readPermission("/dbs/customerdb/users/mobileuser/permissions/readperm", null);
        String accessToken=permission.getToken();
DocumentClient documentClient = new DocumentClient(HOST, MASTER_KEY,
                     ConnectionPolicy.GetDefault(), ConsistencyLevel.Session);

Then i use below code to get resourcetoken and store it in redis

jedis.put("Client_1",readPermissions .getResource().getToken());

Now, at client side when i try to create documentClient using the resourcetoken

DocumentClient manageClient = new DocumentClient(HOST,  jedis.get("Client_1"),ConnectionPolicy.GetDefault(), ConsistencyLevel.Session);

I get logs stating unauthorized and following that the error

Unauthorized, The input authorization token can't serve the request

I have created a user called mobileuser on database customerdb and permission with mode PermissionMode.Read on collection customers

I changed my code to be very sure that the tokens are not getting expired but still getting error

  java.lang.IllegalStateException: com.microsoft.azure.documentdb.DocumentClientException: The input authorization token can't serve the request. Please check that the expected payload is built as per the protocol, and check the key being used. Server used the following payload to sign: 'get

colls dxhxakm3caa= mon, 05 jun 2017 08:56:40 gmt

below id the code that i used to get the token 

    ResourceResponse<Permission> permissions=documentClient.readPermission("/dbs/customerdd/users/mobileuser/permissions/readperm", null);
    System.out.println(permissions.getResource().getResourceLink());
    DocumentClient managedClient=new DocumentClient(HOST,permissions.getResource().getToken(), ConnectionPolicy.GetDefault(), ConsistencyLevel.Session);
    FeedResponse<Document> response = managedClient.queryDocuments(collection.getResource().getSelfLink(), "SELECT customers.source FROM customers where customers.source='direct-mail'", null);
    Iterator<Document> itr = response.getQueryIterator();
    while(itr.hasNext()){
        Document doc=itr.next();
        System.out.println(doc.get("source"));
    }

Any pointer will be of a great help

Upvotes: 1

Views: 5336

Answers (1)

Fei Han
Fei Han

Reputation: 27793

Unauthorized, The input authorization token can't serve the request

As far as I know, the default valid timespan of the resource token is one hour. And if the resource token expires, subsequent requests receive a 401 unauthorized exception, please make sure if the resource token is expired when you retrieve it from Redis cache.

Update:

If i use the overloaded constructor of DocumentClient and pass the PermissionFeed then it works

DocumentClient class has two constructors as below, and when you use new DocumentClient(HOST, jedis.get("Client_1"),ConnectionPolicy.GetDefault(), ConsistencyLevel.Session);, it seems that it recognizes jedis.get("Client_1") that you passed as a string and use the second constructor to initialize a new instance, which would be the cause of the issue.

enter image description here

Upvotes: 1

Related Questions