Aspera

 View Only
  • 1.  Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Wed July 17, 2024 10:08 AM
    Edited by George P Wed July 17, 2024 10:08 AM

    Hi All, 

    I am trying to upload to a client's faspex5 server using the docker container (martinlaurent/ascli). In the account settings I have provided the public key in PEM format (under account settings), and I have been provided with the clientID and the client_secret . I am trying using the below command but I am getting bad request issues 

    docker run --rm -t -v {MapFolderSource}:{MapFolderInDocker} martinlaurent/ascli faspex5 package send --url="https://{DNS}.com/aspera/faspex" @json:'{"title": "title","recipients":["Shared inboxe NAME"]}' TESTFile.mov --client_id="XXXXXXX" --username=YYYY --client-secret="secret_key_here" --private_key="@file:rsa.pem"

    Check that your JWT payload matches the required specification. Error: - Invalid subject (Aspera::RestCallError)

    status: Bad Request

    code: 2019

    trace: 61d69508-09f2-4bc5-a6de-65d257e5c589

    {server} 400 Bad Request

    What shall I adjust in order to have a successful upload?

    Thanks for any help that can be provided. 



    ------------------------------
    George P
    ------------------------------



  • 2.  RE: Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Wed July 17, 2024 10:48 AM

    Maybe execute in debug mode (--log-level=debug) and give the jwt payload (without secrets), like:

    jwt_payload (json)=
    {
      "exp": 1721231001,
      "nbf": 1721227101,
      "iat": 1721227102,
    "jti": "some-uuid",
    "iss": "client-id-uuid",
    "aud": "client-id-uuid",
    "sub": "user:john@example.com"
    }

    The container version is a little behinbd the latest version, maybe validate if you get the same error with the local ascli (with local ruby).



    ------------------------------
    Laurent Martin
    ------------------------------



  • 3.  RE: Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Wed July 17, 2024 12:42 PM

    Hi Laurent, 
    Thanks for your speedy reply 

    This is what I see with debug on : 

    "auth": {
        "type": "oauth2",
        "base_url": "https://DNS.SERVER/aspera/faspex/auth",
        "grant_method": "jwt",
        "client_id": "CLIENT.ID",
        "jwt": {
          "payload": {
            "iss": "CLIENT.ID",
            "aud": "CLIENT.ID",
            "sub": "user:USERNAME"
          },
          "private_key_obj": "🔑",
          "headers": {
            "typ": "JWT"
          }
        }
      }

    and 

    JWT jwt_payload=[
    {:exp=>1721237580, 
    :nbf=>1721233680, 
    :iat=>1721233681, 
    :jti=>"88b7d933-2833-4a9a-b19f-6e444886c563", 
    :iss=>"CLIENT.ID", 
    :aud=>"CLIENT.ID", 
    :sub=>"user:USERNAME"}]

    hope this helps to get to the bottom of the issue  :) 



    ------------------------------
    George P
    ------------------------------



  • 4.  RE: Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Wed July 17, 2024 12:52 PM

    Well, that seems ok,

    I have pushed container version 4.18, so update the image, i.e. use: docker.io/martinlaurent/ascli:latest

    See if it's better.

    Also check the version of the faspex server with command: ascli faspex5 version



    ------------------------------
    Laurent Martin
    ------------------------------



  • 5.  RE: Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Thu July 18, 2024 04:01 AM

    Note that this error may be due to an unknown user id (email) in Faspex 5, I get the same error by using a wrong user id:

    $ ascli faspex5 packages list --username=wrong@example.com
    ERROR: Rest: Check that your JWT payload matches the required specification. Error: - Invalid subject
    status: Bad Request
    code: 2019
    trace: cf51e122-a05e-4ae2-8ebf-ea1c9e773317
    faspex5.example.com 400 Bad Request



    ------------------------------
    Laurent Martin
    ------------------------------



  • 6.  RE: Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Fri July 19, 2024 06:26 AM

    Hi Laurent, 

    Thanks for your feedback and investigation. I have tried the latest build, but I still have the same error/issue.

    Can you please confirm that from what you can see above, the command used is correct and should be working without issues .. yes ? 
    In the username option, i am using the username i have to login to the WEB UI, and not the email associated to this account. 

    I will escalate with the client, maybe its something they have not enabled (or a config error) to allow me to use command line tools to upload. 

    Regards
    George



    ------------------------------
    George P
    ------------------------------



  • 7.  RE: Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Fri July 19, 2024 07:26 AM

    The username to be used for authentication is the user's email address.

    By default, the user's "name" (property) in Faspex5 is the same as the email.

    I can happen that a user's "name" is not equal to the email, in case of upgrade from Faspex 4, or use of API for creation (which I did to show here):

    ascli faspex5 -Pf5admin admin accounts create @json:'{"name":"toto","email":"aspera.user1+123@gmail.com","last_name":"toto","first_name":"titi"}'

    For example, I have those users configured, as in picture.

    If I use username=toto, then I get the same error, if I use username=aspera.user1+123@gmail.com, then authentication works.

    ascli faspex5 --username=aspera.user1+123@gmail.com packages list



    ------------------------------
    Laurent Martin
    ------------------------------



  • 8.  RE: Uploading to a clients faspex5 - docker & issue BAD Request ?

    Posted Fri July 19, 2024 10:06 AM

    By changing the --username= to be the email address of the account (and not the account name), the transfer started and completed without issues. 

    Thanks for your help and assistance! 



    ------------------------------
    George P
    ------------------------------