OAuth error oauth_problem=consumer_key_unknown
問題
アプリケーション リンクの作成時や、アプリケーション リンクを使用する機能の利用時に、アプリケーション同士での認証に失敗する。
アプリケーション ログに次のエラーが記録される。
oauth_problem=consumer_key_unknown
診断
環境
- 2 つのアプリケーションがアプリケーション リンクを使って接続されている
- 認証方式として OAuth が使われている
Diagnostic Steps
- The error happens intermittently. Recreating Application Links from both servers still does not fix it
OR - Missing Application Link from one server
原因
- There are duplicate data in the database causing it to use different Consumer key
OR - The Application Link is only configured in one direction. For example, Confluence is linked to JIRA; but JIRA does not have a reciprocal link to Confluence. This can be caused by a misconfigured network where one application server cannot reach the other over the connector port.
ソリューション
Delete the duplicate data in the database
Shutdown the application
- Backup database for rollback purposes
Search for duplicate data
SELECT * FROM BANDANA WHERE bandanakey = 'com.atlassian.oauth.consumer.ConsumerService:host.__HOST_SERVICE__';
- Delete the duplicate row, so that it will only have one result
- Restart the application
Recreate the Application Link in both servers
If your applications use a reverse proxy, ensure they have been configured correctly for use with the reverse proxy.
Once the applications have been configured, delete and recreate the Application Link.
Alternatively, ensure the reverse proxy has been bypassed for use in an unproxied Application Link.
Ensure there's proper bi-directional communication between both of the applications. Try to hit the endpoint to retrieve the manifest file from one server to the other. If this does not work, adjust firewall/ports/AWS security groups as needed for proper communication.
curl -H "Accept: application/json" http://HOST/ContextPath/rest/applinks/1.0/manifest -v