An Unknown Error, UAA Authorization Redirect, and Fire Trucks
I’m taking a few moments this Friday to focus your attention on a few friendly posts that came across the Predix Developer Forums this week. Reach out to me if you want to see specific topics covered.
An Unknown Error Occurred
You signed up for Predix, started following one of the guides, and ran a cf push, only to get an unknown error!
Binding my-amazing-app.run.aws-usw02-pr.ice.predix.io to my-amazing-app-blue...FAILED
Server error, status code: 500, error code: 10001, message: An unknown error occurred.
You can check cf logs --recent but that may still not help you find the issue. If you follow some of the guides, such as Hello World: Push My First App to the Cloud, you may notice that the manifest.yml includes a specific line:
memory: 256M
One of the simplest apps you can create consists of two files where the latter is some simple HTML:
Staticfile
index.html
If you cf push or predix push this app you would have a simple static web site, but if it fails it may be because you forgot about memory usage. If you don’t use a manifest.yml with memory included, or don’t add -m 256M to cf push on the command line, you will be left with the default memory for your app, which is set to 1GB (see Cloud Foundry Documentation). That’s a lot for a static app and exceeds the quota for a free account.
If you run cf org <you@domain.com> and cf quotas you can learn more about the Org Quota Plan Attributes for your account.
name                       total   instance   routes   ...
predix-free                4G      512M       40       ...
predix-free-with-payment   4G      512M       40       ...
If you look at the details of the quota, the Instance Memory is the issue, since the 512M limit is less than the 1G default.
$ cf quota predix-free
OK
Total Memory 4G
Instance Memory 512M
Routes 40
Services 10
Paid service plans disallowed
App instance limit unlimited
Reserved Route Ports 0
Put this memory setting in your manifest or use it on the command line and you’ll be cf pushing again in no time. Hopefully there will be a better error message there soon.
UAA Authorization Code
The OAuth 2.0 Authorization Framework defines an Authorization Code as a grant type.
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. Instead of requesting authorization directly from the resource owner, the client directs the resource owner to an authorization server (via its user-agent as defined in [RFC2616]), which in turn directs the resource owner back to the client with the authorization code.
Before directing the resource owner back to the client with the authorization code, the authorization server authenticates the resource owner and obtains authorization. Because the resource owner only authenticates with the authorization server, the resource owner’s credentials are never shared with the client.
The authorization code provides a few important security benefits, such as the ability to authenticate the client, as well as the transmission of the access token directly to the client without passing it through the resource owner’s user-agent and potentially exposing it to others, including the resource owner.
This is an important piece of UAA which sits as the basis for user authentication for your apps deployed on Predix. Once the authorization server has authenticated the client it must redirect back to the original requestor. That means in order to make use of authorization_code as a grant type you are required to specify a redirect_uri.
If you don’t, when creating the client you may see an error like this:
Creating client my-client on Predix UAA instance my-uaa
FAILED Invalid status response: 400. authorization_code grant type requires at least one redirect URL.
You can find out more in some of these resources:
- Error 400 when following the tutorial build
- How-To: Add redirect_uri to your UAA client
- UAA authorization-code-grant
- UAA register-client-post-oauth-clients
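The redirect requirement described above can be checked before a client definition is ever sent to UAA. The following is an added example, not code from Predix or UAA: `validate_client` and `build_authorize_url` are hypothetical helper names, the host names are placeholders, and the wildcard, HTTPS and fragment checks are hardening assumptions that go beyond the single condition the 400 error reports.

```python
import secrets
from urllib.parse import urlencode, urlsplit

LOOPBACK = ("localhost", "127.0.0.1")

def validate_client(client):
    """Return a list of problems with a UAA client definition (empty = OK)."""
    problems = []
    grants = client.get("authorized_grant_types", [])
    uris = client.get("redirect_uri", [])
    if "authorization_code" in grants and not uris:
        # The condition UAA rejects with the 400 response shown above.
        problems.append("authorization_code grant type requires at least one redirect URL")
    for uri in uris:
        parts = urlsplit(uri)
        if "*" in uri:  # hardening check: patterns widen where codes can be sent
            problems.append(f"wildcard in redirect_uri: {uri}")
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            problems.append(f"non-HTTPS redirect_uri: {uri}")
        if parts.fragment:  # RFC 6749 section 3.1.2: no fragment component
            problems.append(f"fragment in redirect_uri: {uri}")
    return problems

def build_authorize_url(uaa_base, client, redirect_uri):
    """Return (url, state) for the authorization request, or raise ValueError."""
    problems = validate_client(client)
    if problems:
        raise ValueError("; ".join(problems))
    if redirect_uri not in client["redirect_uri"]:
        raise ValueError("redirect_uri is not registered for this client")
    state = secrets.token_urlsafe(16)  # compare with the callback's state value
    query = urlencode({"response_type": "code", "client_id": client["client_id"],
                       "redirect_uri": redirect_uri, "state": state})
    return f"{uaa_base.rstrip('/')}/oauth/authorize?{query}", state

# Constructed sample client definitions (placeholder host names).
MISSING = {"client_id": "my-client", "authorized_grant_types": ["authorization_code"]}
FIXED = dict(MISSING, redirect_uri=["https://my-amazing-app.example.com/callback"])

if __name__ == "__main__":
    print(validate_client(MISSING))
    url, state = build_authorize_url("https://my-uaa.example.com", FIXED, FIXED["redirect_uri"][0])
    print(url)
```
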
You May Have Missed
- You can use cf unset-env to remove app environment variables… (more)
- Understanding UAA clients and UAA users… (more)
- Discussion on architecting edge solutions for Fire Fighters scenario… (more)
- Message ids for Time Series ingestion should be unique… (more)
- Using Redis Transactions… (more)
- When to have more than one UAA client… (more)
Hope that helps.
This post was published on Predix Developer Network Blog September 15, 2017.