[BUG] Revoke Endpoint does not work with SSOv2 #43

Open
ddavaham opened this issue Oct 7, 2018 · 2 comments
Comments


ddavaham commented Oct 7, 2018

Bug

I performed the following revocation of an access token:

{
  "status": true,
  "payload": {
    "log_id": "ZWRDD6UFNQvs3csa",
    "message": null,
    "url": "https://login.eveonline.com/v2/oauth/revoke",
    "code": 200,
    "headers": {
      "request": {
        "Request-Line": "POST /v2/oauth/revoke HTTP/1.1",
        "Host": "login.eveonline.com",
        "Accept": "*/*",
        "Authorization": "Basic NjVkZjZiODY2NjAwNGQwZWE2MjZiNDY3ZWJjZDkyZDE6SE92Qm5ZdzdUU2dJNERXMmNraEMwMjJwazk0VGJlZUNKaHh1UUFlRg==",
        "Content-Type": "application/json",
        "User-Agent": "ESIKnife Local Development || David Davaham (David Douglas) || ddouglas@douglaswebdev.net",
        "Content-Length": "943",
        "data": "{\"token_type_hint\":\"access_token\",\"token\":\"eyJhbGciOiJSUzI1NiIsImtpZCI6IkpXVC1TaWduYXR1cmUtS2V5IiwidHlwIjoiSldUIn0.eyJzY3AiOlsiZXNpLWxvY2F0aW9uLnJlYWRfbG9jYXRpb24udjEiLCJlc2ktbG9jYXRpb24ucmVhZF9zaGlwX3R5cGUudjEiLCJlc2ktd2FsbGV0LnJlYWRfY2hhcmFjdGVyX3dhbGxldC52MSJdLCJqdGkiOiIxNGViNmZlOC1lMDQxLTRmMDktOTgzYS0yMWM0NDA5Y2Y2NTgiLCJraWQiOiJKV1QtU2lnbmF0dXJlLUtleSIsInN1YiI6IkNIQVJBQ1RFUjpFVkU6OTU5MjMwODQiLCJhenAiOiI2NWRmNmI4NjY2MDA0ZDBlYTYyNmI0NjdlYmNkOTJkMSIsIm5hbWUiOiJEYXZpZCBEYXZhaGFtIiwib3duZXIiOiJQaGpReWdVRjUwM2Q0VkdIVEhzdzRnbXp0dlk9IiwiZXhwIjoxNTM4ODk3MTQyLCJpc3MiOiJsb2dpbi5ldmVvbmxpbmUuY29tIn0.nWNb_9tTE9wR59o4-M0EvB0LqHsCtlkYorJ1J_t8IEfuO8xCRLEInyWSu-53ect4FDXg9cGwkCQotg-A_V7qfQ586e9z1i6r1sBr7ZF8nYN_C-jF8k5CNiBQZAxgahndEOyy36GO7Ohej_B6DdTI6bca8nd9oIsO0l8vj6Hb1__qXr6MqOt_QGo5mX_jfsL5CnIIuR5Q64f8xLZ1AI6dRq7Qw-hvGNzRwRWx2EEsL7_Py0WmfqlwSqgbVKgw-Cta72zJZkF5qk0yn_OG99BPRl-4ZTQsLlDkTnGXCbnCYApSBQX67g1NExnmb4NpAqNpM-2xzFJ9POe96axF2k4ldw\"}"
      },
      "response": {
        "Status-Line": "HTTP/1.1 200 OK",
        "Cache-Control": "no-store",
        "Pragma": "no-cache",
        "Server": "Microsoft-IIS/8.5",
        "Date": "Sun, 07 Oct 2018 07:06:19 GMT",
        "Content-Length": "0"
      }
    },
    "response": ""
  }
}

A few minutes later, using the same access token, I was able to request data about the character's ship.

{#461 ▼
  +"status": true
  +"payload": {#458 ▼
    +"log_id": "iQoQM2k8956iCPra"
    +"message": null
    +"url": "https://esi.evetech.net/v1/characters/95923084/ship/"
    +"code": 200
    +"headers": {#434 ▼
      +"request": array:7 [▼
        "Request-Line" => "GET /v1/characters/95923084/ship/ HTTP/1.1"
        "Host" => "esi.evetech.net"
        "Accept" => "*/*"
        "Authorization" => "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkpXVC1TaWduYXR1cmUtS2V5IiwidHlwIjoiSldUIn0.eyJzY3AiOlsiZXNpLWxvY2F0aW9uLnJlYWRfbG9jYXRpb24udjEiLCJlc2ktbG9jYXRpb24ucmVhZF9za ▶"
        "Content-Type" => "application/json"
        "User-Agent" => "ESIKnife Local Development || David Davaham (David Douglas) || ddouglas@douglaswebdev.net"
        "data" => []
      ]
      +"response": array:20 [▼
        "Status-Line" => "HTTP/1.1 200 OK"
        "Date" => "Sun, 07 Oct 2018 07:10:06 GMT"
        "Content-Type" => "application/json; charset=UTF-8"
        "Content-Length" => "74"
        "Connection" => "keep-alive"
        "Access-Control-Allow-Credentials" => "true"
        "Access-Control-Allow-Headers" => "Content-Type,Authorization,If-None-Match,X-User-Agent"
        "Access-Control-Allow-Methods" => "GET,HEAD,OPTIONS"
        "Access-Control-Allow-Origin" => "*"
        "Access-Control-Expose-Headers" => "Content-Type,Warning,ETag,X-Pages,X-ESI-Error-Limit-Remain,X-ESI-Error-Limit-Reset"
        "Access-Control-Max-Age" => "600"
        "Allow" => "GET,HEAD,OPTIONS"
        "Cache-Control" => "private"
        "Etag" => ""4dd43c0770f61b9185098baee19f3ce2f36753d871114e297839b13e""
        "Expires" => "Sun, 07 Oct 2018 07:10:11 GMT"
        "Last-Modified" => "Sun, 07 Oct 2018 07:10:06 GMT"
        "Strict-Transport-Security" => "max-age=31536000"
        "X-Esi-Error-Limit-Remain" => "100"
        "X-Esi-Error-Limit-Reset" => "54"
        "X-Esi-Request-Id" => "595bcc47-9296-4ada-94cf-867f4594f5a4"
      ]
    }
    +"response": {#430 ▼
      +"ship_item_id": 1027500721343
      +"ship_name": "IHaveACyno"
      +"ship_type_id": 606
    }
  }
}

To try again, I revoked the token by refresh token:

{
  "status": true,
  "payload": {
    "log_id": "UyqS2CMpVXi1s2bh",
    "message": null,
    "url": "https://login.eveonline.com/v2/oauth/revoke",
    "code": 200,
    "headers": {
      "request": {
        "Request-Line": "POST /v2/oauth/revoke HTTP/1.1",
        "Host": "login.eveonline.com",
        "Accept": "*/*",
        "Authorization": "Basic NjVkZjZiODY2NjAwNGQwZWE2MjZiNDY3ZWJjZDkyZDE6SE92Qm5ZdzdUU2dJNERXMmNraEMwMjJwazk0VGJlZUNKaHh1UUFlRg==",
        "Content-Type": "application/json",
        "User-Agent": "ESIKnife Local Development || David Davaham (David Douglas) || ddouglas@douglaswebdev.net",
        "Content-Length": "70",
        "data": "{\"token_type_hint\":\"refresh_token\",\"token\":\"5aI666sHJ0ucBRnPulp6Jg==\"}"
      },
      "response": {
        "Status-Line": "HTTP/1.1 200 OK",
        "Cache-Control": "no-store",
        "Pragma": "no-cache",
        "Server": "Microsoft-IIS/8.5",
        "Date": "Sun, 07 Oct 2018 07:11:04 GMT",
        "Content-Length": "0"
      }
    },
    "response": ""
  }
}

Then I tried requesting the ship again:

{#461 ▼
  +"status": true
  +"payload": {#458 ▼
    +"log_id": "JXvGpQvCJo56toUD"
    +"message": null
    +"url": "https://esi.evetech.net/v1/characters/95923084/ship/"
    +"code": 200
    +"headers": {#434 ▼
      +"request": array:7 [▼
        "Request-Line" => "GET /v1/characters/95923084/ship/ HTTP/1.1"
        "Host" => "esi.evetech.net"
        "Accept" => "*/*"
        "Authorization" => "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkpXVC1TaWduYXR1cmUtS2V5IiwidHlwIjoiSldUIn0.eyJzY3AiOlsiZXNpLWxvY2F0aW9uLnJlYWRfbG9jYXRpb24udjEiLCJlc2ktbG9jYXRpb24ucmVhZF9za ▶"
        "Content-Type" => "application/json"
        "User-Agent" => "ESIKnife Local Development || David Davaham (David Douglas) || ddouglas@douglaswebdev.net"
        "data" => []
      ]
      +"response": array:20 [▼
        "Status-Line" => "HTTP/1.1 200 OK"
        "Date" => "Sun, 07 Oct 2018 07:11:46 GMT"
        "Content-Type" => "application/json; charset=UTF-8"
        "Content-Length" => "74"
        "Connection" => "keep-alive"
        "Access-Control-Allow-Credentials" => "true"
        "Access-Control-Allow-Headers" => "Content-Type,Authorization,If-None-Match,X-User-Agent"
        "Access-Control-Allow-Methods" => "GET,HEAD,OPTIONS"
        "Access-Control-Allow-Origin" => "*"
        "Access-Control-Expose-Headers" => "Content-Type,Warning,ETag,X-Pages,X-ESI-Error-Limit-Remain,X-ESI-Error-Limit-Reset"
        "Access-Control-Max-Age" => "600"
        "Allow" => "GET,HEAD,OPTIONS"
        "Cache-Control" => "private"
        "Etag" => ""4dd43c0770f61b9185098baee19f3ce2f36753d871114e297839b13e""
        "Expires" => "Sun, 07 Oct 2018 07:11:51 GMT"
        "Last-Modified" => "Sun, 07 Oct 2018 07:11:46 GMT"
        "Strict-Transport-Security" => "max-age=31536000"
        "X-Esi-Error-Limit-Remain" => "100"
        "X-Esi-Error-Limit-Reset" => "14"
        "X-Esi-Request-Id" => "51125d66-307f-4b63-85b9-a44a34b43a2f"
      ]
    }
    +"response": {#430 ▼
      +"ship_item_id": 1027500721343
      +"ship_name": "IHaveACyno"
      +"ship_type_id": 606
    }
  }
}

I tried to refresh the token:

{#461 ▼
  +"status": true
  +"payload": {#458 ▼
    +"log_id": "P1Yiisc3VNDXUtUc"
    +"message": null
    +"url": "https://login.eveonline.com/v2/oauth/token"
    +"code": 200
    +"headers": {#434 ▼
      +"request": array:8 [▼
        "Request-Line" => "POST /v2/oauth/token HTTP/1.1"
        "Host" => "login.eveonline.com"
        "Accept" => "*/*"
        "Authorization" => "Basic NjVkZjZiODY2NjAwNGQwZWE2MjZiNDY3ZWJjZDkyZDE6SE92Qm5ZdzdUU2dJNERXMmNraEMwMjJwazk0VGJlZUNKaHh1UUFlRg=="
        "Content-Type" => "application/json"
        "User-Agent" => "ESIKnife Local Development || David Davaham (David Douglas) || ddouglas@douglaswebdev.net"
        "Content-Length" => "73"
        "data" => "{"grant_type":"refresh_token","refresh_token":"5aI666sHJ0ucBRnPulp6Jg=="}"
      ]
      +"response": array:9 [▼
        "Status-Line" => "HTTP/1.1 200 OK"
        "Cache-Control" => "no-store"
        "Pragma" => "no-cache"
        "Content-Type" => "application/json; charset=utf-8"
        "Server" => "Microsoft-IIS/8.5"
        "Access-Control-Allow-Methods" => "OPTIONS, POST"
        "Access-Control-Allow-Origin" => "*"
        "Date" => "Sun, 07 Oct 2018 07:12:47 GMT"
        "Content-Length" => "1000"
      ]
    }
    +"response": {#430 ▼
      +"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkpXVC1TaWduYXR1cmUtS2V5IiwidHlwIjoiSldUIn0.eyJzY3AiOlsiZXNpLWxvY2F0aW9uLnJlYWRfbG9jYXRpb24udjEiLCJlc2ktbG9jYXRpb24ucmVhZF9zaGlwX3R5cGUudjEiLCJlc2ktd2FsbGV0LnJlYWRfY2hhcmFjdGVyX3dhbGxldC52MSJdLCJqdGkiOiJiNTgwOTQwNS03N2VlLTRkOTEtYjM5My1iZDlmMGMzNzFlMjIiLCJraWQiOiJKV1QtU2lnbmF0dXJlLUtleSIsInN1YiI6IkNIQVJBQ1RFUjpFVkU6OTU5MjMwODQiLCJhenAiOiI2NWRmNmI4NjY2MDA0ZDBlYTYyNmI0NjdlYmNkOTJkMSIsIm5hbWUiOiJEYXZpZCBEYXZhaGFtIiwib3duZXIiOiJQaGpReWdVRjUwM2Q0VkdIVEhzdzRnbXp0dlk9IiwiZXhwIjoxNTM4ODk3NTY3LCJpc3MiOiJsb2dpbi5ldmVvbmxpbmUuY29tIn0.M-XAjJz-9k9GKx6bfIZRCBsa84lXBvPeYK_UqmV51Cf2aYDrG7OZYmEGQCEZgGkecGlOz_mdXagygkDIpSFJgBN9F8m3Vj4lNA52LFsyvT4c7fnTrilDgkQkVpaBHCD_59oOA-KcceJ-LRhbGacV7TtvXc9tHOHNBDICtmePgmaxq8tWugmRw3FqEPuyFe--UXXsVWlzlTP7WN7BAdEs95VXQSbVs7ezZy7GKXsmz3NoHwp0nCiUQ-qhpb1k2hI1A2bVAsrwMXCYFukkSa7ojFm085Q1pu891gVKs3NM3kiW6FzL4fqCri0kE7YWfEPooP-moxhENCZ8Uj7zc_cQQg ◀"
      +"expires_in": 1199
      +"token_type": "Bearer"
      +"refresh_token": "5aI666sHJ0ucBRnPulp6Jg=="
    }
  }
}

I then deleted the application via the developers console and waited five minutes.

Only after deleting the application did I receive a proper response from the refresh endpoint:

{#461 ▼
  +"status": false
  +"payload": {#458 ▼
    +"log_id": "ZSMMZpVE6SiUZmJl"
    +"message": "Failed HTTP Request POST  : Http Status 401"
    +"url": "https://login.eveonline.com/v2/oauth/token"
    +"code": 401
    +"headers": {#434 ▼
      +"request": array:8 [▼
        "Request-Line" => "POST /v2/oauth/token HTTP/1.1"
        "Host" => "login.eveonline.com"
        "Accept" => "*/*"
        "Authorization" => "Basic NjVkZjZiODY2NjAwNGQwZWE2MjZiNDY3ZWJjZDkyZDE6SE92Qm5ZdzdUU2dJNERXMmNraEMwMjJwazk0VGJlZUNKaHh1UUFlRg=="
        "Content-Type" => "application/json"
        "User-Agent" => "ESIKnife Local Development || David Davaham (David Douglas) || ddouglas@douglaswebdev.net"
        "Content-Length" => "73"
        "data" => "{"grant_type":"refresh_token","refresh_token":"5aI666sHJ0ucBRnPulp6Jg=="}"
      ]
      +"response": array:9 [▼
        "Status-Line" => "HTTP/1.1 401 Unauthorized"
        "Cache-Control" => "no-cache"
        "Pragma" => "no-cache"
        "Content-Length" => "87"
        "Content-Type" => "application/json; charset=utf-8"
        "Expires" => "-1"
        "Server" => "Microsoft-IIS/8.5"
        "WWW-Authenticate" => "Basic realm="login.eveonline.com""
        "Date" => "Sun, 07 Oct 2018 07:22:44 GMT"
      ]
    }
    +"response": {#430 ▼
      +"error": "invalid_client"
      +"error_description": "Missing or invalid client credentials."
    }
  }
}

However, I am still able to make requests to ESI using an access token that is registered to an application that has been deleted.

{#461 ▼
  +"status": true
  +"payload": {#458 ▼
    +"log_id": "cBh3cpTyxVTsJljC"
    +"message": null
    +"url": "https://esi.evetech.net/v1/characters/95923084/ship/"
    +"code": 200
    +"headers": {#434 ▼
      +"request": array:7 [▼
        "Request-Line" => "GET /v1/characters/95923084/ship/ HTTP/1.1"
        "Host" => "esi.evetech.net"
        "Accept" => "*/*"
        "Authorization" => "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkpXVC1TaWduYXR1cmUtS2V5IiwidHlwIjoiSldUIn0.eyJzY3AiOlsiZXNpLWxvY2F0aW9uLnJlYWRfbG9jYXRpb24udjEiLCJlc2ktbG9jYXRpb24ucmVhZF9za ▶"
        "Content-Type" => "application/json"
        "User-Agent" => "ESIKnife Local Development || David Davaham (David Douglas) || ddouglas@douglaswebdev.net"
        "data" => []
      ]
      +"response": array:20 [▼
        "Status-Line" => "HTTP/1.1 200 OK"
        "Date" => "Sun, 07 Oct 2018 07:23:55 GMT"
        "Content-Type" => "application/json; charset=UTF-8"
        "Content-Length" => "74"
        "Connection" => "keep-alive"
        "Access-Control-Allow-Credentials" => "true"
        "Access-Control-Allow-Headers" => "Content-Type,Authorization,If-None-Match,X-User-Agent"
        "Access-Control-Allow-Methods" => "GET,HEAD,OPTIONS"
        "Access-Control-Allow-Origin" => "*"
        "Access-Control-Expose-Headers" => "Content-Type,Warning,ETag,X-Pages,X-ESI-Error-Limit-Remain,X-ESI-Error-Limit-Reset"
        "Access-Control-Max-Age" => "600"
        "Allow" => "GET,HEAD,OPTIONS"
        "Cache-Control" => "private"
        "Etag" => ""4dd43c0770f61b9185098baee19f3ce2f36753d871114e297839b13e""
        "Expires" => "Sun, 07 Oct 2018 07:24:00 GMT"
        "Last-Modified" => "Sun, 07 Oct 2018 07:23:55 GMT"
        "Strict-Transport-Security" => "max-age=31536000"
        "X-Esi-Error-Limit-Remain" => "100"
        "X-Esi-Error-Limit-Reset" => "5"
        "X-Esi-Request-Id" => "25ff7b0d-7cef-4379-a65b-6e358e22a20d"
      ]
    }
    +"response": {#430 ▼
      +"ship_item_id": 1027500721343
      +"ship_name": "IHaveACyno"
      +"ship_type_id": 606
    }
  }
}

But I am assuming that this is acceptable since the lifetime of these tokens is only 20 minutes.

Please let me know if there is anything else I can do to assist.
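The check a practitioner would want after a report like this is a repeatable verification that revoking a refresh token actually stops the refresh grant, together with a way to read the `exp` claim of the self-contained JWT access tokens shown above (which a resource server cannot know were revoked without introspection). The following is an added example, not code from the ESIKnife project or from the SSO provider; the `post` callable, the fake server, and all URLs and claim values are constructed for the demonstration.

```python
import base64
import json
import time

# Added example, not code from ESIKnife or the SSO provider: an offline check that a revoke
# endpoint really invalidates a refresh token, plus an exp-claim decoder for JWT access tokens.

def jwt_claims(token):
    """Decode a compact JWT's payload WITHOUT verifying its signature (inspection only)."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def seconds_until_expiry(token, now=None):
    """Remaining validity from the exp claim; negative means already expired."""
    now = time.time() if now is None else now
    return int(jwt_claims(token)["exp"] - now)

def unsigned_test_jwt(claims):
    """Constructed, unsigned JWT for tests only (alg=none, empty signature part)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."

def verify_refresh_revocation(post, revoke_url, token_url, client_auth, refresh_token):
    """Revoke, then replay the refresh grant; RFC 7009 / RFC 6749 require the replay to
    fail with HTTP 400 error=invalid_grant. post(url, auth, body)->(status, json) is injected."""
    rev_status, _ = post(revoke_url, client_auth,
                         {"token_type_hint": "refresh_token", "token": refresh_token})
    tok_status, body = post(token_url, client_auth,
                            {"grant_type": "refresh_token", "refresh_token": refresh_token})
    body = body or {}
    return {
        "revoke_accepted": rev_status == 200,
        "refresh_rejected": tok_status == 400 and body.get("error") == "invalid_grant",
        "still_issues_tokens": tok_status == 200 and "access_token" in body,
    }

def fake_login_server(honours_revocation, now):
    """Constructed stand-in for the SSO; honours_revocation=False reproduces the
    behaviour in this issue (revoke answers 200, the refresh grant still succeeds)."""
    revoked = set()
    def post(url, client_auth, body):
        if url.endswith("/oauth/revoke"):
            revoked.add(body["token"])
            return 200, None  # as observed above: 200 with an empty body
        if honours_revocation and body["refresh_token"] in revoked:
            return 400, {"error": "invalid_grant"}
        tok = unsigned_test_jwt({"sub": "CHARACTER:EVE:1", "exp": now + 1199})
        return 200, {"access_token": tok, "expires_in": 1199, "token_type": "Bearer"}
    return post
```

Against a real provider, `post` would be a thin wrapper around an HTTP client using the client's Basic credentials; `still_issues_tokens=True` is exactly the failure this issue documents.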

Contributor

CarbonAlabel commented Oct 7, 2018

Can confirm this: the v2 revocation endpoint does not seem to be revoking refresh tokens as it should be.

My previous testing showed it to be working properly, so I'm guessing this problem was introduced recently, in the last month or so.

@gehnster

Could we please get an update on this?
