ccpgames / sso-issues

Please file issues with the CCP SSO (login.eveonline.com) here.

[SSOv2] POST to /token/ fails with error 500 #47

Open Ionaru opened 5 years ago

Ionaru commented 5 years ago

Bug

When sending a POST request to https://login.eveonline.com/v2/oauth/token, the server responds with 500 Internal Server Error and body 'An error has occurred.'.

This is preventing me from completing any SSOv2 authentication.

Small reproduction program at: https://gist.github.com/Ionaru/b9b484eb02df5b12ef5bd55749a78eca

Reproduction Steps

  1. git clone https://gist.github.com/b9b484eb02df5b12ef5bd55749a78eca.git.
  2. cd b9b484eb02df5b12ef5bd55749a78eca.
  3. npm i.
  4. Create a new application with callback URL http://localhost:3000/sso/auth-callback and scope esi-wallet.read_character_wallet.v1.
  5. Fill clientId and secretKey variables in index.js with correct values from application.
  6. npm run start.
  7. Go to http://localhost:3000.
  8. Login, select a character and click Authorize.
  9. Authorize the scope (esi-wallet.read_character_wallet.v1).
  10. Check messages in browser and terminal.

Actual Behaviour

Request responds with 500 Internal Server Error { Message: 'An error has occurred.' }

Expected Behaviour

Response contains normal data: access_token, token_type, etc.

Dependencies

Ionaru commented 5 years ago

The problem here is that I was sending the grant_type and code as query parameters instead of x-www-form-urlencoded in the body. This used to work with SSOv1 even though it is not in the spec. SSOv2 no longer supports this.

However, the 500 Internal Server Error is confusing; I'd expect it to return 400 Bad Request because the request body is missing.

stebet commented 5 years ago

Thanks. I'll take a look at this :)

And yes, using query parameters is not supported for v2, but we'll make the error message clearer.
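The request shapes discussed in this thread, as an added example that is not code from the gist or from CCP: the exchange built with `grant_type` and `code` in an `x-www-form-urlencoded` body, the query-string shape that SSOv2 rejects, and a hypothetical server-side check that answers 400 `invalid_request` (RFC 6749, section 5.2) when the body is missing. The function names, the sample credentials and the use of HTTP Basic for client authentication are assumptions.

```javascript
// Added example: constructed values, nothing is sent over the network.
const TOKEN_URL = 'https://login.eveonline.com/v2/oauth/token';

// Build the authorization-code exchange with the grant parameters in an
// application/x-www-form-urlencoded body (RFC 6749, section 4.1.3).
function buildTokenRequest(clientId, secretKey, code) {
  const basic = Buffer.from(`${clientId}:${secretKey}`).toString('base64');
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: {
      // Assumption: the client authenticates with HTTP Basic (RFC 6749, 2.3.1).
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({ grant_type: 'authorization_code', code }).toString(),
  };
}

// The shape described in the issue: parameters in the query string, empty body.
function buildLegacyQueryRequest(clientId, secretKey, code) {
  const req = buildTokenRequest(clientId, secretKey, code);
  return { ...req, url: `${TOKEN_URL}?${req.body}`, body: '' };
}

// Hypothetical server-side check: reads grant parameters from the body only
// and reports a 400 with a specific reason instead of failing with a 500.
function validateTokenRequest(req) {
  const type = (req.headers['Content-Type'] || '').split(';')[0].trim().toLowerCase();
  if (type !== 'application/x-www-form-urlencoded') {
    return { status: 400, error: 'invalid_request', detail: 'unsupported content type' };
  }
  const form = new URLSearchParams(req.body);
  for (const name of ['grant_type', 'code']) {
    if (!form.get(name)) {
      return { status: 400, error: 'invalid_request', detail: `missing ${name} in body` };
    }
  }
  if (form.get('grant_type') !== 'authorization_code') {
    return { status: 400, error: 'unsupported_grant_type', detail: form.get('grant_type') };
  }
  return { status: 200 };
}
```

Keeping the authorization code in the body also keeps it out of URLs recorded by access logs and intermediaries.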