esi / esi-issues

Issue tracking and feature requests for ESI
https://esi.evetech.net/

403 forbidden for some endpoints and not others #1348

Closed kyle-mcknight closed 1 year ago

kyle-mcknight commented 1 year ago

Bug

When requesting assets for a character that my app has access to, I receive an unexpected 403 forbidden error with a message of "authentication failure".

Using the exact same token, I can make a request to the characters endpoint and get back the character info for the one that I also want to get assets for.

Request

Request URL: https://esi.evetech.net/v5/characters//assets/
Request Method: GET
Status Code: 403
Referrer Policy: strict-origin-when-cross-origin

Request headers:

:authority: esi.evetech.net
:method: GET
:path: /v5/characters//assets/
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en,en-US;q=0.9,ja-JP;q=0.8,ja;q=0.7
authorization: Bearer --ACCESS TOKEN FROM SSO LOGIN--
dnt: 1
origin: http://localhost:4200
referer: http://localhost:4200/
sec-ch-ua: "Google Chrome";v="111", "Not(A:Brand";v="8", "Chromium";v="111"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

Response

{"error":"authentication failure"}

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,If-None-Match,X-User-Agent
access-control-allow-methods: GET,HEAD,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Type,Warning,ETag,X-Pages,X-ESI-Error-Limit-Remain,X-ESI-Error-Limit-Reset
access-control-max-age: 600
allow: GET,HEAD,OPTIONS
content-language: en-us
content-length: 34
content-type: application/json; charset=utf-8
date: Mon, 10 Apr 2023 18:28:33 GMT
strict-transport-security: max-age=31536000
vary: Accept-Language
x-esi-error-limit-remain: 96
x-esi-error-limit-reset: 27

Status Code

403

Date: Fri, 27 Apr 2018 07:22:48 GMT
Expires:
Last-Modified:
X-ESI-Request-ID: dcc736af-a73a-4c99-add5-8d66e197cec6
ETag:

Expected

Please provide either the expected return code, correct response body, header value, or some combination thereof. E.g.:

200

Checklist

Check all boxes that apply to this issue:

CarbonAlabel commented 1 year ago

ESI tokens are scoped to a single character, pretty sure this is working as intended.

kyle-mcknight commented 1 year ago

> ESI tokens are scoped to a single character, pretty sure this is working as intended.

@CarbonAlabel That token has the read assets scope though for that character that I'm attempting to read the assets for...

When I log in with the character to my app the first time, I approve all the scopes and those included the read assets. The decoded jwt shows the scopes.

[Image: has-assets-permission]

@Blacksmoke16 please re-open...

Blacksmoke16 commented 1 year ago

@kyle-mcknight Sure it's not a duplicate of https://github.com/esi/esi-issues/issues/1089?

kyle-mcknight commented 1 year ago

@Blacksmoke16 I'll give that a shot tomorrow and then report back if need be. Thank you.

kyle-mcknight commented 1 year ago

@Blacksmoke16 That was it, thank you very much.
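
The two conditions raised in this thread (a token is bound to a single character, and the decoded JWT should list the scope the endpoint needs) can be checked on the client before calling ESI. The following is an added example, not code from the thread or from ESI; the `sub`/`scp`/`exp` claim layout, the scope name `esi-assets.read_assets.v1` and the character IDs are assumptions not shown on this page, and the sample token is constructed.

```javascript
// Added example: decodes a JWT payload for diagnostics only. The signature is
// NOT verified here, so never use this result for an access decision.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Returns the reasons this token cannot authorize the request (empty = none found).
// Assumed claim layout: sub = "CHARACTER:EVE:<id>", scp = string or array, exp = seconds.
function checkToken(token, characterId, requiredScope, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const problems = [];
  const m = /^CHARACTER:EVE:(\d+)$/.exec(claims.sub || "");
  if (!m) problems.push("sub is not a character subject");
  else if (m[1] !== String(characterId)) problems.push(`token belongs to character ${m[1]}`);
  const scopes = [].concat(claims.scp || []); // a single scope may arrive as a bare string
  if (!scopes.includes(requiredScope)) problems.push(`missing scope ${requiredScope}`);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) problems.push("token expired");
  return problems;
}

// Builds a constructed sample token (placeholder signature, made-up claims)
// so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(String.fromCharCode(...new TextEncoder().encode(JSON.stringify(obj))))
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  sub: "CHARACTER:EVE:90000001",
  scp: ["esi-assets.read_assets.v1"],
  exp: 2000000000,
});
const SCOPE = "esi-assets.read_assets.v1";
console.log(checkToken(sample, 90000001, SCOPE, 1700000000)); // []
console.log(checkToken(sample, 90000002, SCOPE, 1700000000)); // character mismatch
```

A clean result only rules out these three client-visible causes; the server's own validation of the token is what decides the 403.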