Workflow: User loads http://localhost:5000

 Absolutely, this is a great “let’s debug like a pro” moment.

Here’s what’s happening, line by line, as you walk back to your PC and reload:

1. You Reload the Page

  • Your browser tries to load the home page (/) of the API Gateway.

2. Gateway Checks Your Auth Session

  • The API Gateway checks if you have a valid session (i.e., an id_token stored in the Flask session cookie).

  • It finds an existing JWT token from before you left (from earlier today).

3. It Tries to Verify the JWT

  • The function verify_id_token() is called.

  • It decodes the token and prints the claims:

    Decoded claims: {
  'iss': 'https://aurorahours.com/identity-backend',
  'sub': 'username',
  'aud': 'browser-ui',
  'iat': 1754206747,
  'exp': 1754207647,
  'scope': 'openid'
}

  • The exp (exp claim) is in the past (token is expired).

  • It calculates and logs:

    Token expired at 2025-08-03T07:54:07Z, issued at 2025-08-03T07:39:07Z, now=2025-08-03T08:35:27Z

Why?

  • The id_token was issued at 7:39 UTC and expired at 7:54 UTC.

  • You’re now at 8:35 UTC (i.e., you’ve been away >40 minutes).

  • Your session cookie is still present, but the JWT is expired.

4. The App Handles the Expired Token

  • verify_id_token() raises an exception: “ID token expired”.

  • The error is logged:

    ERROR API Gateway - [verify_id_token] JWT verification failed: ID token expired
WARNING API Gateway - ID token validation failed: Invalid token: ID token expired

  • As a result, your session is cleared (logged out), and the app redirects you to login again.

5. You See a Redirect to Login

  • The Gateway triggers a fresh login flow:

    Redirecting to OIDC auth: state=31ac223c-0321-4fb1-9ea4-72415f3bc37e, ...

  • Browser gets bounced to the OneLogin/OIDC page at identity-backend’s /authorize.

6. DeprecationWarnings

  • These are about how you’re converting Unix timestamps to UTC.

  • Python wants you to use:

    datetime.fromtimestamp(exp, datetime.UTC)

    instead of:

    datetime.utcfromtimestamp(exp)

  • This is just a heads-up for future Python versions—not a functional error, but clean it up soon.

7. Flow Summary:

What happened?

  1. Your old token was expired when you came back.

  2. App detected this and gracefully redirected you to log in again.

  3. You were shown the (beautiful!) OneLogin page.

  4. Logs show all the steps and errors—no mystery, and this is exactly what should happen.

Principal Engineer Takeaway

  • This is exactly how session/JWT expiration should be handled.

  • Session persistence does not mean you’re still authorized—JWT expiry keeps you secure.

  • Logs and errors are clear and actionable—no user sees a raw traceback.

  • The warnings are for future-proofing code; they don’t block you, but update the timestamp code soon.

Want help fixing the DeprecationWarnings? Or want a “session expiry UX” improvement, like a “Session expired, please log in” message instead of just redirecting?

Comments

Post a Comment

Popular posts from this blog

Feature: Audit log for one login, and identity service

Image
Customer (Product) Page High-Level System Design Diagram (PlantUML) Sequence Diagram: Audit Event Ingestion Sequence Diagram: Orchestration Event For a High-Level System (Component) Diagram The queue is implemented as message_queue (generic), and the audit log service consumes from it, writing to a dedicated audit_log table. The logging service also consumes from the same message_queue and writes to log_store. Orchestration/other services use the same queue. Summary Table: What Writes Where Event Type Goes Into Consumed By Final Storage audit message_queue Audit Log Service audit_log table log message_queue Logging Service log_store table doc_uploaded message_queue Orchestration Worker (business DB, or triggers next event) ocr_ready message_queue Notification Worker, etc. (notification log, etc.)  Core Tables message_queue – universal event bus (temp buffer) audit_log – immutable audit/compliance events log_store – application logs (op...
Read more

Getting started - Build your data science lab environment

This guide explains how to set up a complete data science environment for the udemy program. A proper setup ensures compatibility and avoids recurring environment issues.  1. Overview Goal : Create a full-featured environment with sufficient resources for all course exercises. Recommendation : Use Anaconda for the most reliable setup. Alternative : Use a Python virtual environment with pip if Anaconda isn’t working. 2. Setup Options Primary (Recommended) Create a dedicated Anaconda environment (isolated, compatible). Alternative Use a standard Python virtualenv + pip (faster but less reliable). 3. Windows Setup Steps Clone Course Repository git clone https://github.com/ed-donner/llm_engineering/ Follow the repository’s README.md instructions for additional setup details. Create Anaconda Environment Inside the llm_engineering folder: conda env create -f environment.yml ⏳ This may take several minutes. Activate the environment: conda activate llms Deactivat...
Read more

QA - Run #1 - Results

Image
# QA Report for Tag QA_July2025_A - **Tag/Commit:** QA_July2025_A (`f32abc1`) - **Date:** 2025-08-01 - **QA Outcomes:** All tests passed except for file upload (see below)... - **Environment:** Windows 10, Python 3.12, requirements.txt as of tag - **Notes:** See log for detailed results. ## Issue Found - **Step:** - **Bug:** - **Log excerpt:** - **Screenshot:** For this QA run, we begin with pristine state by: Stop all services Delete logs.db, and jobs.db Delete all files in doc_store folder Start all services Test, you should see no data on index page, and query should result in no data found error Next, go ahead and upload new1.txt, and after that new2.txt Issue the query: "can you summarize all of the todo items you can find, seperating each one on a single line, with due date first, then title, and description with any details you can augment" Expected Answer: - August 1, 2025: Respond to Amira and discuss weekend plans - August 3, 2025: Go to Somesh class and finish ta...
Read more