401 (Unauthorized) Incorrect bearer token after upgrading
I updated our SCIM Bridge running in GCP today (was running 1.6.2) to 2.9.5 and after trying to verify it worked I get an error that I have an incorrect bearer token (that was working fine prior to upgrade). How do I fix this?
1Password Version: 1.6.2, 2.9.5
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
It's also worth noting that the version is showing 1.6.2 still in the 1password admin dashboard. Still old age in getting the deployments.
NAME READY UP-TO-DATE AVAILABLE AGE
op-scim-bridge 1/1 1 1 3y121d
redis 1/1 1 1 3y121dbut it looks like it rolled out properly?
kubectl rollout status deployment/op-scim-bridge
deployment "op-scim-bridge" successfully rolled out0 -
Hi @rawb
Thanks for reaching out.
The version upgrade itself should not cause this issue and should not change either the token or SCIM session file, perhaps the credentials were regenerated while upgrading?To elaborate, if you regenerate the credentials accidentally while upgrading (i.e. click
Regenerate Credentials
from the Integrations page on your 1Password account) the token and SCIM bridge session will be regenerated entirely, and then you will need to redeploy the SCIM Bridge.You need to redeploy your SCIM bridge in that case. Luckily the SCIM bridge does not maintain any state and your configuration in your identity provider and 1Password account will not be affected by redeploying the SCIM bridge.
In a terminal run
kubectl get pods --all-namespaces
to find the name of your SCIM pod - it is likely namedop-scim-bridge
. Once you've got the name, let's find out if your pod has been restarted since the update to SCIM bridge 2.9.5 - to do that, take a look at theAge
field, which notes how long the pod has been running. The age of the pod should roughly match with when you performed the update.As you mention integration page is still showing the old version(which also likely reason you see deployment age ~3year) indicates bridge is not redeployed/upgraded yet. Once you install new scimsession and validate with new bearer token it should reflect the upgraded version in 1Password account. Please refer the guideline here.
Let us know how it goes!
0