401 (Unauthorized) Incorrect bearer token after upgrading

rawb
rawb
Community Member

I updated our SCIM Bridge running in GCP today (was running 1.6.2) to 2.9.5 and after trying to verify it worked I get an error that I have an incorrect bearer token (that was working fine prior to upgrade). How do I fix this?


1Password Version: 1.6.2, 2.9.5
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • rawb
    rawb
    Community Member

    It's also worth noting that the version is showing 1.6.2 still in the 1password admin dashboard. Still old age in getting the deployments.

    NAME READY UP-TO-DATE AVAILABLE AGE
    op-scim-bridge 1/1 1 1 3y121d
    redis 1/1 1 1 3y121d

    but it looks like it rolled out properly?

    kubectl rollout status deployment/op-scim-bridge
    deployment "op-scim-bridge" successfully rolled out

  • hemal.g_1p
    hemal.g_1p
    1Password Alumni

    Hi @rawb

    Thanks for reaching out.
    The version upgrade itself should not cause this issue and should not change either the token or SCIM session file, perhaps the credentials were regenerated while upgrading?

    To elaborate, if you regenerate the credentials accidentally while upgrading (i.e. click Regenerate Credentials from the Integrations page on your 1Password account) the token and SCIM bridge session will be regenerated entirely, and then you will need to redeploy the SCIM Bridge.

    You need to redeploy your SCIM bridge in that case. Luckily the SCIM bridge does not maintain any state and your configuration in your identity provider and 1Password account will not be affected by redeploying the SCIM bridge.

    In a terminal run kubectl get pods --all-namespaces to find the name of your SCIM pod - it is likely named op-scim-bridge. Once you've got the name, let's find out if your pod has been restarted since the update to SCIM bridge 2.9.5 - to do that, take a look at the Age field, which notes how long the pod has been running. The age of the pod should roughly match with when you performed the update.

    As you mention integration page is still showing the old version(which also likely reason you see deployment age ~3year) indicates bridge is not redeployed/upgraded yet. Once you install new scimsession and validate with new bearer token it should reflect the upgraded version in 1Password account. Please refer the guideline here.

    Let us know how it goes!