Failed to execute refresh metadata course in discovery service

Hi;
I want to run the refresh refresh_course_metadata in discovery service with a production environment.
I created an Oauth2 client in lms. I created a partner in discovery admin interface and I set the lms url and the client_id and the client sercret.
When I executed this command I got the following error

Traceback (most recent call last):
File “/edx/app/discovery/discovery/course_discovery/apps/course_metadata/management/commands/refresh_course_metadata.py”, line 31, in execute_loader
loader_class(*loader_args, loader_kwargs).ingest()
File “/edx/app/discovery/discovery/course_discovery/apps/course_metadata/data_loaders/api.py”, line 82, in ingest
response = self._make_request(initial_page)
File “/edx/app/discovery/discovery/course_discovery/apps/course_metadata/data_loaders/api.py”, line 120, in _make_request
return self.api_client.courses().get(page=page, page_size=self.PAGE_SIZE, username=self.username)
File “/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/slumber/init.py”, line 155, in get
resp = self._request(“GET”, params=kwargs)
File “/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/slumber/init.py”, line 103, in _request
raise exceptions.HttpServerError(“Server Error %s: %s” % (resp.status_code, url), response=resp, content=resp.content)
slumber.exceptions.HttpServerError: Server Error 500: http://
*********/api/courses/v1/courses/

In the lms logs I found:

Traceback (most recent call last):
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/handlers/exception.py”, line 41, in inner
response = get_response(request)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/handlers/base.py”, line 249, in _legacy_get_response
response = self._get_response(request)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/handlers/base.py”, line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/handlers/base.py”, line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/utils/decorators.py”, line 185, in inner
return func(*args, **kwargs)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/views/decorators/csrf.py”, line 58, in wrapped_view
return view_func(*args, **kwargs)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/views/generic/base.py”, line 68, in view
return self.dispatch(request, *args, **kwargs)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework/views.py”, line 489, in dispatch
response = self.handle_exception(exc)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework/views.py”, line 477, in dispatch
self.initial(request, *args, **kwargs)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework/views.py”, line 394, in initial
self.perform_authentication(request)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework/views.py”, line 320, in perform_authentication
request.user
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework/request.py”, line 378, in getattribute
return super(Request, self).getattribute(attr)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework/request.py”, line 196, in user
self._authenticate()
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework/request.py”, line 342, in _authenticate
user_auth_tuple = authenticator.authenticate(self)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/edx_rest_framework_extensions/auth/jwt/authentication.py”, line 47, in authenticate
return super(JwtAuthentication, self).authenticate(request)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/rest_framework_jwt/authentication.py”, line 33, in authenticate
payload = jwt_decode_handler(jwt_value)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/edx_rest_framework_extensions/auth/jwt/decoder.py”, line 57, in jwt_decode_handler
_verify_jwt_signature(token, jwt_issuer)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/edx_rest_framework_extensions/auth/jwt/decoder.py”, line 137, in _verify_jwt_signature
key_set = _get_signing_jwk_key_set(jwt_issuer)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/edx_rest_framework_extensions/auth/jwt/decoder.py”, line 189, in _get_signing_jwk_key_set
key_set.load_jwks(signing_jwk_set)
File “/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/jwkest/jwk.py”, line 776, in load_jwks
self.load_dict(json.loads(jwks))
File “/usr/lib/python2.7/json/init.py”, line 339, in loads
return _default_decoder.decode(s)
File “/usr/lib/python2.7/json/decoder.py”, line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File “/usr/lib/python2.7/json/decoder.py”, line 382, in raw_decode
raise ValueError(“No JSON object could be decoded”)

It seems that the discovery service calls the url: http://**************/api/courses/v1/courses/?page_size=50&page=1&username= with an access token set as an Authorization header

Hi @nablisoft,

From your error logs, it seems like the JWK Signing keys aren’t correctly set.
Since Ironwood, edx-platform uses asymmetric JWT cryptographic keys for signing JWTs (you can read more about this here).

To fix that issue, you’ll need to generate a JWK key pair and set both EDXAPP_JWT_PRIVATE_SIGNING_JWK and COMMON_JWT_PUBLIC_SIGNING_JWK_SET on your instance settings.

Generating the keys

To generate these keys, you can use this guide.
You’ll need two values:

  • serialized_public_keys_json
  • serialized_keypair_json

Instance settings

If you are deploying a new instance

Add these two Ansible variables to the configuration file (pick the values from the previous step):

COMMON_JWT_PUBLIC_SIGNING_JWK_SET: 'contents of serialized_public_keys_json'
EDXAPP_JWT_PRIVATE_SIGNING_JWK: 'contents of serialized_keypair_json'

If you instance is already up and running

You’ll need to set these values directly on lms.env.json:

// Look for the JWT_AUTH key
{
    ...
    "JWT_AUTH": {
        ...,
        "JWT_PRIVATE_SIGNING_JWK": "contents of serialized_keypair_json",
        "JWT_PUBLIC_SIGNING_JWK_SET": "contents of serialized_public_keys_json",
    },
    ...
}

And you also need to set JWT_PUBLIC_SIGNING_JWK_SET on the configuration files of services you use (discovery, ecommerce, etc). You’ll need to look at the configuration files and search for the JWT_AUTH key, and then set JWT_PUBLIC_SIGNING_JWK_SET.

1 Like