wix-incubator / DeviantArt-API

The DeviantArt API
https://www.deviantart.com/developers/
MIT License
35 stars 5 forks source link

Oauth2 Application No Longer Works #210

Closed Mike-E-angelo closed 1 year ago

Mike-E-angelo commented 1 year ago

I have reported this issue with DeviantArt's support staff, and they told me to report this here. However, this repository does not look active/maintained at all (with one of its maintainers no longer working for DA? ๐Ÿค”) so I have re-opened the ticket there with them.

However, doing my due diligence here and reporting the issue here as well in the off chance that someone might be able to assist.

I have an Oauth2 application registered with DeviantArt that worked fine back in February when I originally created it. Now, it no longer works when I authenticate with it and generates 500 server errors.

This is what I am seeing:

System.Exception: An error was encountered while handling the remote login.

---> System.Exception: OAuth token endpoint failure: Status: Forbidden;Headers: Server: CloudFront

Date: Sun, 11 Dec 2022 08:41:00 GMT

Connection: keep-alive

X-Cache: Error from cloudfront

Via: 1.1 [cc99d70eb21145e5ef464d134671481e.cloudfront.net](http://cc99d70eb21145e5ef464d134671481e.cloudfront.net/) (CloudFront)

X-Amz-Cf-Pop: ORD52-C3

X-Amz-Cf-Id: lMAkbHFFiNV_Q8VcX4R00X-i0knZCHeziCTI5bpJr43NJpJCQvJBnQ==

;Body: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<TITLE>ERROR: The request could not be satisfied</TITLE>

</HEAD><BODY>

<H1>403 ERROR</H1>

<H2>The request could not be satisfied.</H2>

<HR noshade size="1px">

Request blocked.

We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.

<BR clear="all">

If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

<BR clear="all">

<HR noshade size="1px">

<PRE>

Generated by cloudfront (CloudFront)

Request ID: lMAkbHFFiNV_Q8VcX4R00X-i0knZCHeziCTI5bpJr43NJpJCQvJBnQ==

</PRE>

<ADDRESS>

</ADDRESS>

</BODY></HTML>;
Mike-E-angelo commented 1 year ago

Hello, I did report this on December 11th, so it's been about 11 days now that my application is broken with DeviantArt Oauth2 and my users cannot sign in with their corresponding identity. Any assistance would be appreciated.

chrisbolt commented 1 year ago

@Mike-E-angelo do you have a more recent error message? I can only trace Request IDs in the last 2-3 days. Do you have any other details, such as the URL youโ€™re requesting and the headers of the request?

Now, it no longer works when I authenticate with it and generates 500 server errors.

The error you pasted is a 403, are you also getting 500 errors?

Mike-E-angelo commented 1 year ago

Thank you @chrisbolt for your reply. Indeed, 500 errors in my application upon successful authentication and looking at the error details in my logs I am presented with the above 403.

This did not occur earlier in the year and was only encountered recently (a day or so before reporting). That is, I was able to login without 403/500 in August when testing out the Oauth then. I should have been a bit more diligent with testing ... and will be from now on. :)

Thank you for any continued assistance/insight you can provide.

chrisbolt commented 1 year ago

@Mike-E-angelo if youโ€™re still receiving errors, please share an error message including a request ID so that I can look it up and see whatโ€™s going on.

Mike-E-angelo commented 1 year ago

Thank you for the suggestion and continuing assistance @chrisbolt ... I did try to produce a current/recent exception for you. Unfortunately, I am now running into a new issue here, captured here: https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/issues/752

I am not able to get a request ID for this new issue. However, note that the error reported originally here does contain that. Are you able to use this to perhaps assist?

Note that as I mention in the newly created issue to the ASP.NET team, this only seems to occur in production (naturally ๐Ÿ™„). In my local development environment, everything works perfectly fine.

Note that I do have CSP applied to both environments but the deviantart domain is not configured in either, nor are there any messages printed out in the console regarding this (it was a thought I had and wanted to share in hopes of prompting perhaps another suggestion of what may be going on here).

Mike-E-angelo commented 1 year ago

I can only trace Request IDs in the last 2-3 days.

Ah, bummer I am just now seeing this. ๐Ÿ˜ž Says a lot when you have a policy in place for only 2-3 days of logs but support takes over a week to even get to your ticket.

Mike-E-angelo commented 1 year ago

Alright @chrisbolt I finally was able to get a request for you. This occurs during exchanging the code. Here is the result

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: zYAlgqB1vrICGK6dIvvgEAqIPcVc_dPdH29edN9pu1i9mxPJ8FZMYA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
chrisbolt commented 1 year ago

Hi @Mike-E-angelo, your IP was in an IP range that was blocked because of some malicious attacks we've been receiving from Azure IPs. I've refined our blocking rules so your OAuth requests should be unblocked now, can you try again and let me know if your issue is resolved?

Mike-E-angelo commented 1 year ago

Woohoo problem/mystery solved! Thank you so very much @chrisbolt for your quick diligence in figuring this out and resolving it! It is very much appreciated. ๐Ÿ‘

Happy Holidays to you and the team out there. ๐ŸŽ…๐ŸŽ„โ˜ƒ