Logon denied throws internal error for token-authentized users #542
Description
- What versions are you using?
>>> print(connection.version)
23.10.0.25.10 # Oracle Autonomous in Azure
>>> print(oracledb.clientversion())
oracledb.exceptions.ProgrammingError: DPY-2021: init_oracle_client() must be called first
>>> print("platform.platform:", platform.platform())
platform.platform: macOS-15.6.1-arm64-arm-64bit
>>> print("sys.maxsize > 2**32:", sys.maxsize > 2**32)
sys.maxsize > 2**32: True
>>> print("platform.python_version:", platform.python_version())
platform.python_version: 3.12.9
>>> print("oracledb.__version__:", oracledb.__version__)
oracledb.__version__: 3.4.0- Is it an error or a hang or a crash?
Wrong error is raised
- What error(s) or behavior you are seeing?
When using access token authenticatoin, the error is
File "src/oracledb/impl/thin/connection.pyx", line 536, in oracledb.thin_impl.ThinConnImpl.connect
File "src/oracledb/impl/thin/connection.pyx", line 532, in oracledb.thin_impl.ThinConnImpl.connect
File "src/oracledb/impl/thin/connection.pyx", line 475, in oracledb.thin_impl.ThinConnImpl._connect_with_params
File "src/oracledb/impl/thin/connection.pyx", line 456, in oracledb.thin_impl.ThinConnImpl._connect_with_description
File "src/oracledb/impl/thin/connection.pyx", line 425, in oracledb.thin_impl.ThinConnImpl._connect_with_address
File "src/oracledb/impl/thin/protocol.pyx", line 371, in oracledb.thin_impl.Protocol._connect_phase_two
File "src/oracledb/impl/thin/protocol.pyx", line 183, in oracledb.thin_impl.BaseProtocol._post_connect
KeyError: 'AUTH_SESSION_ID'
This error is uninformative and seems like an internal error instead of the server denying login.
On the contrary, when using user/password, it throws the correct error
oracledb.exceptions.DatabaseError: ORA-04088: error during execution of trigger 'ADMIN.BLOCK_ALL_LOGINS'
ORA-00604: Error occurred at recursive SQL level 1. Check subsequent errors.
ORA-20000: Login denied: All logins are currently blocked by the database trigger.
ORA-06512: at line 2
Help: https://docs.oracle.com/error-help/db/ora-04088/
- Does your application call init_oracle_client()?
Thin mode
- Include a runnable Python script that shows the problem.
CREATE OR REPLACE TRIGGER block_all_logins
AFTER LOGON ON DATABASE
BEGIN
RAISE_APPLICATION_ERROR(-20000, 'Login denied: All logins are currently blocked by the database trigger.');
END;import oracledb
oracledb.connect(
host='',
service_name='..low',
port=1521,
protocol='tcps',
ssl_server_dn_match=False,
access_token='ey...', # Azure EntraID token
)
Traceback (most recent call last):
File "/Users/vladislavwohlrath/src/login.py", line 21, in <module>
con = oracledb.connect(
^^^^^^^^^^^^^^^^^
File "/Users/vladislavwohlrath/src/.venv/lib/python3.12/site-packages/oracledb/connection.py", line 1698, in connect
return conn_class(dsn=dsn, pool=pool, params=params, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/vladislavwohlrath/src/.venv/lib/python3.12/site-packages/oracledb/connection.py", line 892, in __init__
impl.connect(params_impl)
File "src/oracledb/impl/thin/connection.pyx", line 536, in oracledb.thin_impl.ThinConnImpl.connect
File "src/oracledb/impl/thin/connection.pyx", line 532, in oracledb.thin_impl.ThinConnImpl.connect
File "src/oracledb/impl/thin/connection.pyx", line 475, in oracledb.thin_impl.ThinConnImpl._connect_with_params
File "src/oracledb/impl/thin/connection.pyx", line 456, in oracledb.thin_impl.ThinConnImpl._connect_with_description
File "src/oracledb/impl/thin/connection.pyx", line 425, in oracledb.thin_impl.ThinConnImpl._connect_with_address
File "src/oracledb/impl/thin/protocol.pyx", line 371, in oracledb.thin_impl.Protocol._connect_phase_two
File "src/oracledb/impl/thin/protocol.pyx", line 183, in oracledb.thin_impl.BaseProtocol._post_connect
KeyError: 'AUTH_SESSION_ID'