Improved error handling in the auth component
When visiting https://cara.web.cern.ch/auth/authenticate, and auth.cern.ch is erroring (like it is today) you see the traceback:
Traceback (most recent call last):
File "/opt/app/lib/python3.9/site-packages/keycloak/aio/client.py", line 51, in _handle_response
response.raise_for_status()
File "/opt/app/lib/python3.9/site-packages/aiohttp/client_reqrep.py", line 1004, in raise_for_status
raise ClientResponseError(
aiohttp.client_exceptions.ClientResponseError: 503, message='Service Unavailable', url=URL('https://auth.cern.ch/auth/realms/CERN/.well-known/openid-configuration')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/app/lib/python3.9/site-packages/tornado/web.py", line 1704, in _execute
result = await result
File "/opt/app/lib/python3.9/site-packages/auth_service/__init__.py", line 59, in get
async with self.get_oidc_client() as oidc_cli:
File "/opt/app/lib/python3.9/contextlib.py", line 181, in __aenter__
return await self.gen.__anext__()
File "/opt/app/lib/python3.9/site-packages/auth_service/__init__.py", line 47, in get_oidc_client
oidc_client = await realm.open_id_connect(**oicd_params)
File "/opt/app/lib/python3.9/site-packages/keycloak/aio/mixins.py", line 24, in __async_init__
self._well_known = await KeycloakWellKnown(
File "/opt/app/lib/python3.9/site-packages/keycloak/aio/well_known.py", line 31, in __async_init__
self._contents = await self._realm.client.get(self._path)
File "/opt/app/lib/python3.9/site-packages/keycloak/aio/client.py", line 53, in _handle_response
text = await response.text(errors='replace')
File "/opt/app/lib/python3.9/site-packages/aiohttp/client_reqrep.py", line 1080, in text
await self.read()
File "/opt/app/lib/python3.9/site-packages/aiohttp/client_reqrep.py", line 1036, in read
self._body = await self.content.read()
File "/opt/app/lib/python3.9/site-packages/aiohttp/streams.py", line 349, in read
raise self._exception
aiohttp.client_exceptions.ClientConnectionError: Connection closed
It is bad practice to show the traceback in prod, so there may be something wrong with the auth configuration.