Bearer token stops working after a short time or after a clean restart, or does not work at all #10973

Open
ErykKul opened this issue Oct 28, 2024 · 0 comments · May be fixed by #10905
Labels
Type: Bug a defect

Comments

Collaborator

ErykKul commented Oct 28, 2024

What steps does it take to reproduce the issue?

Clone the rdm-integration repository.

git clone https://github.com/libis/rdm-integration.git

Replace the war file URL in .env with the latest development version or the latest released version, for example:

OAUTH2_POXY_VERSION=v7.7.1
NODE_VERSION=22-alpine
FRONTEND_VERSION=1.0.0
NODE_ENV=production
BASE_HREF=/
CUSTOMIZATIONS=./docker-volumes/integration/conf/customizations

# runtime
BASE_VERSION=unstable
DATAVERSE_WAR_URL=https://github.com/IQSS/dataverse/releases/download/v6.4/dataverse-6.4.war

Add the bearer token feature to the JVM_ARGS variable in the docker-compose.yml:

-Ddataverse.feature.api-bearer-auth=true

Add the included Keycloak and S3 implementations to your /etc/hosts or equivalent configuration, for example:

127.0.0.1    keycloak.mydomain.com
127.0.0.1    localstack.mydomain.com
127.0.0.1    minio.mydomain.com

Start the demo:

make up

Wait for Dataverse to initialize and everything to start up (you can follow the progress of that process in the terminal output). Then, go to the main page of the started Dataverse: http://localhost:8080, and click on the Log In button. Choose the OpenID Connect option at the button. On the Log In page, click on the Log In with OpenID Connect. Log in with admin/admin credentials:

Complete the new user form by choosing a username and by agreeing to the terms:

After creating that new account, go to the API Token menu option:

Create a new token and go back to the main page to create a new dataset:

Fill out the form and click on Save Dataset. In the new dataset, choose the RDM-integration upload option from the Edit Dataset menu:

Agree to the popups from localhost; you will be redirected to log in:

After logging in, you will be presented with the RDM-integration UI. Go to the destination section and try changing the destination dataset:

Note that this sometimes works, but most of the time it does not. If it worked, you can reproduce the issue with a clean restart:

make down
make up

  • When does this issue occur?
    When using oauth2-proxy for securing your external tool backend, possibly in other situations too. RDM-integration has an Angular frontend, hosted by the backend written in Go. The backend image has an integrated oauth2-proxy to protect the app from unwanted access and forwards the bearer tokens to the Dataverse backend for user verification. The issue is very persistent: I have tried clearing the browser data and cookies, restarting the application several times, using a private window, etc. Once you get into a state where the tokens are rejected, it is nearly impossible to go back to a working state. It did fix itself once after several hours, but then it broke immediately again.

  • Which page(s) does it occur on?
    External tools and application using bearer tokens.

  • What happens?
    Tokens are rejected by the Dataverse application.

  • To whom does it occur (all users, curators, superusers)?
    All users

  • What did you expect to happen?
    Everything working smoothly.

Which version of Dataverse are you using?
Develop and latest released versions.

Are you thinking about creating a pull request for this issue?
#10905 fixes the issue. The war file used by default in the RDM-integration demo docker-compose is based on that implementation. Everything works smoothly with that war file in place.

@ErykKul ErykKul added the Type: Bug a defect label Oct 28, 2024
@ErykKul ErykKul linked a pull request Oct 28, 2024 that will close this issue
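
When a forwarded bearer token is rejected as described in this issue, a first triage step is to look inside the token for the claims a verifier commonly checks. The following is an added example, not part of the original issue and not code from Dataverse or rdm-integration; it assumes the forwarded token is a JWT, the issuer URL and realm name are constructed placeholders, and it makes no claim about the actual cause fixed by #10905.

```python
import base64
import json
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def triage_bearer(token, expected_issuer, now=None, skew=30):
    """Return reasons a verifier could reject this token, WITHOUT checking
    the signature. Diagnostic only: never use it to accept a token."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a JWT (opaque token?): %d segment(s)" % len(parts)]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    findings = []
    exp = claims.get("exp")
    if exp is None:
        findings.append("no exp claim")
    elif exp + skew < now:
        findings.append("expired %ds ago" % int(now - exp))
    if claims.get("iat", 0) - skew > now:
        findings.append("iat is in the future (clock drift between containers)")
    if claims.get("iss") != expected_issuer:
        findings.append("iss %r != expected %r" % (claims.get("iss"), expected_issuer))
    return findings


def make_sample(claims):
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])


ISSUER = "https://keycloak.mydomain.com/realms/example"  # constructed placeholder
NOW = 1730100000  # fixed clock so the demo is reproducible
SAMPLE_EXPIRED = make_sample({"iss": ISSUER, "iat": NOW - 600, "exp": NOW - 300})
SAMPLE_WRONG_ISS = make_sample({"iss": "http://localhost:8090/realms/example",
                                "iat": NOW - 10, "exp": NOW + 300})

if __name__ == "__main__":
    for sample in (SAMPLE_EXPIRED, SAMPLE_WRONG_ISS):
        print(triage_bearer(sample, ISSUER, now=NOW))
```

An empty result only means these claims look plausible; signature and audience validation still happen on the server, so the server log remains the authority on why a token was refused.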