search

Amebis / eduVPN

Windows eduVPN Client
GNU General Public License v3.0
40 stars 16 forks source link

token endpoint called twice? #219

Closed ghost closed 1 year ago

ghost commented 1 year ago

it seems the token endpoint is called twice. It is only reproducible (as far as I can see, but maybe there are more scenarios) like this:

  1. Remove all entries from the eduVPN app
  2. Quit the client (fully)
  3. Start the client
  4. (Manually) add the server, tested it with vpn-next.tuxed.net
  5. Go through authz/authn flow
  6. App auto connects to VPN (so server must have only 1 profile)

If you observe the web server logs you'll see this:

1.2.3.4 - - [09/Feb/2023:22:25:02 +0000] "POST /vpn-user-portal/oauth/token HTTP/1.1" 200 1136
1.2.3.4 - - [09/Feb/2023:22:25:02 +0000] "GET /vpn-user-portal/api/v3/info HTTP/1.1" 200 141
1.2.3.4 - - [09/Feb/2023:22:25:03 +0000] "POST /vpn-user-portal/api/v3/connect HTTP/1.1" 200 2218
1.2.3.4 - - [09/Feb/2023:22:25:09 +0000] "GET /.well-known/vpn-user-portal HTTP/1.1" 200 283
1.2.3.4 - - [09/Feb/2023:22:25:09 +0000] "POST /vpn-user-portal/oauth/token HTTP/1.1" 200 1136

Notice the last two line, that is not really expected to be there. Is it used to obtain a new access token using a refresh token (already?)?

Client: Windows 10, 3.3.6.

rozmansi commented 1 year ago

Can't reproduce with master. Does your log have any more entries after that? The client does the token endpoint call to get the token because it needs to do something with it. In other words: if called, the token endpoint is called immediately before /info, /connect or /disconnect. The call that followed would shed me some light, why the token endpoint was called for the second time.

It's also mind-boggling, why /.well-known/vpn-user-portal was called. The client version you are testing with still has this cached in the memory.

I'm preparing a new release shortly. I have added some logging on the client side and will kindly ask you to try with the next release.

ghost commented 1 year ago

I'm preparing a new release shortly. I have added some logging on the client side and will kindly ask you to try with the next release.

Perfect, I'll test it with that one again then, it is (hopefully was) easy to reproduce for me...

ghost commented 1 year ago

From what I can see (and reported in chat) this has been resolved.