SSO callback blocked by certain browsers

[Yevrashka]

Edit by blitzmann:

Currently this behavior has been confirmed on Brave and Safari browsers. As a workaround, please disable the security features for "https://pyfa-org.github.io/" (see comments in this thread), use another browser such as Chrome, or use Manual mode.

---

An error appears when trying to add SSO Character on latest release if the Login Authentication Method in preferences is set to Local Server (if it is set to Manual everything is OK): pyfa

Error! Server response not received. The local pyfa server may have timed out, or may not have started correctly.

Release or development git branch? Please note the release version or commit hash:

Release version 2.38.1

Operating system and version (eg: Windows 10, OS X 10.9, OS X 10.11, Ubuntu 16.10):

OS X 12.0.1

[blitzmann]

How long does it take you from pushing that button to add a character to actually logging in on EVE's site? The pyfa server starts a server but it has a timeout that, if it doesn't get a request, shuts off the server

[blitzmann]

If the local server just isn't working (might not work due to permissions / group policy / who knows) there's a manual mode. Got to preferences > SSO and select manual. You'll be prompted to copy and paste information into pyfa that supplies the character / SSO information without spinning up a local server

[Yevrashka]

If the local server just isn't working (might not work due to permissions / group policy / who knows) there's a manual mode. Got to preferences > SSO and select manual. You'll be prompted to copy and paste information into pyfa that supplies the character / SSO information without spinning up a local server

Manual mode works fine as intended. Can't figure out what is wrong with the Local Server mode - It worked in 2.37.

[Yevrashka]

How long does it take you from pushing that button to add a character to actually logging in on EVE's site?< A couple of seconds..

[blitzmann]

There were changes to how SSO works in 2.38, but nothing really changes about how the server itself launched. Does the error happen as soon as you click "Add Character"? Or sometime later?

[Yevrashka]

There were changes to how SSO works in 2.38, but nothing really changes about how the server itself launched. Does the error happen as soon as you click "Add Character"? Or sometime later?

Immediately. I press add character in pyfa, it opens login.eveonline.com in Safari, I choose my char, press Authorize and it skips to pyfa-org.github.io with the error message in my 1st post.

[blitzmann]

Oh so it's the message displaying in Chrome. So thats a situation where the webpage can't communicate with your local server.

Unfortunately I don't have a mac / safari to test with. @DarkFenX would you be able to test?

[zrupcic]

I had the same problem with Brave browser in Windows. I switched to Chrome (I wouldn't think it's my browser's fault if I haven't seen this thread) and it worked again.

[blitzmann]

Hrm, interesting. The callback url (the one located at https://pyfa-org.github.io/Pyfa/callback that you're redirected to after signing in) make a POST request to the local pyfa server which is running on a random port on localhost. Brave, being developed as a secure / privacy oriented browser, may block such requests by default.

Which is exactly why we have the manual option for those that have an issue with the server or, apparently, browser. :)

[KeithBarrows]

I am getting the same error on a Windows 11 machine with a Brave Browser! Launches the web ESI SSO login page just fine. As soon as I click "Authorize" I get:

pyfa Error! Server response not received. The local pyfa server may have timed out, or may not have started correctly.

Total time from clicking in Pyfa to add a character to the error page was less than 15 seconds.

Switching to Manual Mode worked just fine. Don't know if it is the ESI changes CCP is doing right now or if your server is toasted.

NOTE: Reading the middle messages I see Brave as a possible culprit. Thank you for manual mode!

TIA

[philipbel]

Seeing the same issue on macOS. I can confirm that manual mode works.

[blitzmann]

Seeing the same issue on macOS. I can confirm that manual mode works.

Using which browser?

[philipbel]

Seeing the same issue on macOS. I can confirm that manual mode works.

Using which browser?

Safari 14 on macOS 11.4

[blitzmann]

Safari might have the same situation as Brave, in which it blocks communication to localhost.

I can see this as being a bit more widespread, I'll have to think about possible solutions. For now, manual mode to the rescue!

[joonashak]

I can confirm that this is a localhost blocking issue.

Solution for Brave users:

1. Go through EVE SSO log in process.
2. On the Pyfa Authentication Proxy page (https://pyfa-org.github.io/Pyfa/callback...) you will see the usual error message that it cannot connect to the local server. Click the Brave icon (the lion) beside in the address bar and disable shields for that site.
3. The pending authentication should succeed immediately without reloading and the error message should update into a success message.

I imagine there is a similar solution for Safari.

[Epreuve]

Hit this snag on Brave (Windows) and did some digging. It appears to be blocked by the Fingerprint Blocking portion of Brave's Shield feature (The ad blocking/HTTPS upgrading/etc. part).

You can confirm this by navigating to brave://settings/shields and temporarily setting Fingerprint Blocking to disabled. I didn't do too much digging beyond this as both the manual option worked, but with this toggled temporarily the redirect worked, too. I suspect it might have something to do with the GH page trying to forward to an HTTP endpoint for the local server and Brave blocking it for some reason via that feature?

It's possible there's a similar option in Safari, or an Addon/plugin such as Adblocker/uBlock/etc. is preventing the GH page from forwarding the oAuth creds on to the local server. I don't have much free time between the holidays and work to dig myself, nor am I really well versed in Python, though hopefully someone who has the time and is better versed might be able to use this information if for no other reason than to craft a message on the GH page should the auth flow fail.

[poundjd]

windows 11, Chrome, and can't get sso with Pyfa v2-42 running.

nice upgrade, but can't get new characters in This wonderful version. -jeff

[blitzmann]

@poundjd have you tried manual mode?