Closed kyle-mcknight closed 1 year ago
ESI tokens are scoped to a single character, pretty sure this is working as intended.
ESI tokens are scoped to a single character, pretty sure this is working as intended.
@CarbonAlabel That token has the read assets scope though for that character that I'm attempting to read the assets for...
When I log in with the character to my app the first time, I approve all the scopes and those included the read assets. The decoded jwt shows the scopes.
@Blacksmoke16 please re-open...
@kyle-mcknight Sure it's not a duplicate of https://github.com/esi/esi-issues/issues/1089?
@Blacksmoke16 I'll give that a shot tomorrow and then report back if need be. Thank you.
@Blacksmoke16 That was it, thank you very much.
Bug
When requesting assets for a character that my app has access to, I receive an unexpected 403 forbidden error with a message of "authentication failure".
Using the exact same token, I can make a request to the characters endpoint and get back the character info for the one that I also want to get assets for.
Request
Request URL: https://esi.evetech.net/v5/characters//assets/
Request Method: GET
Status Code: 403
Referrer Policy: strict-origin-when-cross-origin
Request headers:
authority: esi.evetech.net :method: GET :path: /v5/characters//assets/
:scheme: https
accept: application/json, text/plain, /
accept-encoding: gzip, deflate, br
accept-language: en,en-US;q=0.9,ja-JP;q=0.8,ja;q=0.7
authorization: Bearer --ACCESS TOKEN FROM SSO LOGIN--
dnt: 1
origin: http://localhost:4200
referer: http://localhost:4200/
sec-ch-ua: "Google Chrome";v="111", "Not(A:Brand";v="8", "Chromium";v="111"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36
Response
json{"error":"authentication failure"}
Response headers
ccess-control-allow-credentials: true access-control-allow-headers: Content-Type,Authorization,If-None-Match,X-User-Agent access-control-allow-methods: GET,HEAD,OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Type,Warning,ETag,X-Pages,X-ESI-Error-Limit-Remain,X-ESI-Error-Limit-Reset access-control-max-age: 600 allow: GET,HEAD,OPTIONS content-language: en-us content-length: 34 content-type: application/json; charset=utf-8 date: Mon, 10 Apr 2023 18:28:33 GMT strict-transport-security: max-age=31536000 vary: Accept-Language x-esi-error-limit-remain: 96 x-esi-error-limit-reset: 27
Status Code
403
Expected
Please provide either the expected return code, correct response body, header value, or some combination thereof. E.g.:
200
Checklist
Check all boxes that apply to this issue: