[BUG] RSO blocks api calls with cloudflare error 1020

[SidiaDevelopment]

Bug Description
I am using the RSO Api for around a week now. The first server I deployed on immediately got blocked by cloudflare and I got some suggested solutions from other RSO developers like settings another user-agent and settings TLSv1.2 + ciphers, nothing helped. My requests done with the popular NodeJS library "axios" did not go through. A simple curl call from that same server did though.

Then I deployed to another server at another hosting provider, everything seemed fine. Out of the blue our application is getting error 1020 again now. From what I've read this is a firewall issue.

I just fire simple requests to the Riot RSO Api, up to 10 per minute, depending how many users are interacting with the application (A discord bot, that verifies users by linking them to their LoL Account), no custom headers apart from the api key and auth / bearer ones. Also as the hosting provider is the largest in europe I don't think their IP range should be on any blacklists.

Problem Description
I send a /token request to the RSO Api and the Api answers with a cloudflare 1020 error.

Expected Result
The Api should answer with a normal RSO /token result

Actual Result
I get a response with the data : "error code: 1020"

Developer Impact
Describe how this affects you as a developer. Please include the frequency and severity of the issue.

• Frequency: Every API call to /token and /userinfo endpoints of the RSO Api
• Severity: It completely disables the application from working, no new user can enter the discord
• Cost: I could rent another server to deploy my application but I don't know how long until the application runs into the 1020 error again or if it even works
• Efficiency: -
• User emails: We get ~10 users per hour that cannot enter the server and most of them complain about it in the ticket system of the server.

Player Impact
Describe how this affects League of Legends players. Please include the frequency and severity of the issue.

• Frequency: League of Legends players cannot enter the biggest german League of Legends Discord (which is directly owned by Riot)
• Severity: When this bug occurs the user cannot enter the discord. It affects 100% of the around 200 users per day.
• Quantity: Currently around 100 people have this problem, it will be more by the hour.
• Region: This is a global issue, though we have 99.9% EUW users.

Preconditions
What conditions must be met in order for this bug to occur?

It does not need preconditions, just an RSO Api request

Repro Steps
Step by step, what do you need to do to cause the bug?

1. Redirect user to RSO login page
2. User gets redirected back to my application
3. My application calls the /token url of the RSO Api
4. My application gets the broken response.

This is also reproduceable with the demo RSO Application that I got when receiving RSO instructions, the only condition is to be deployed on one of my 2 servers.

[trebonius0]

@RiotTuxedo I'm having the same issue. It started yesterday between 5pm and 8pm CET. Could you have a look ?

[Token07]

Per this discord message, this issue should be resolved now.

[lucasMesquitaBorges]

We've made changes in the Cloudflare rules and the 1020 error shouldn't happen again for the RSO Authentication. Sorry for the inconvenience.