esi
Authorization failure when token is too long
Bug
Make your application request an access token using all scopes currently available and then use that token on any endpoint.
Make sure you are logged in to https://login.eveonline.com beforehand.
Request
First authorize yourself using SSOv2 and ALL scopes available. Then make an request to any endpoint using the token you got.
Response
{ "error": "authentication failure" }
Workaround
Just don't request all scopes. It is highly unlikely that you would need them all.
Expected
The output of the endpoint you are sending your request to.
Checklist
Check all boxes that apply to this issue:
- [x] Bug description is provided
- [x] Request path is provided
- [ ] Response status code is provided
- [ ] Response headers are provided
- [x] Response body is provided
- [x] Expected response is provided
Reopening since it seems to be an error specifically with using an SSO token on ESI.
Summarizing a discussion from Slack to add relevant info:
- Access tokens with a length of 4154 (all available scopes) fail to authenticate on esi.evetech.net
- Token can be verified using https://login.eveonline.com/oauth/verify
- User specified the error does not occur when they leave out two scopes, bringing the length down to < 4096
Simple and effective workaround: Don't request tokens with all scopes.
GESI requests all scopes and I haven't heard of anyone having this issue. Using the V2 SSO stuff tho.
GESI requests all scopes and I haven't heard of anyone having this issue. Using the V2 SSO stuff tho.
@RamonRobben is also using V2, otherwise the scope list wouldn't affect the token length anyways. Is GESI requesting publicData and esi-corporations.read_outposts.v1, too? Guessing you might not be requesting those since they are pointless.
Then the issue seems easy to fix. Just remove publicData and esi-corporations.read_outposts.v1 from the scope list.
p.s by removing it from the scope list I mean whoever is developing this API should remove them from even being an option to select for your application.
I just looked. Yea, those are the only 2 its not requesting since they're not used on any route. So that would prob be why this error doesn't happen.
But yea, prob can be removed from the dev app UI at this point.
publicData does have a reason to exist and can't be removed. There's just no point in including it if you have any other scopes. It exists so people can get a refresh token for character verification without requesting any private scopes.
The outpost scope should def be gone though, that's an oversight. It doesn't solve the underlying problem with token length though.
I have the same problem. Everything works fine with fewer scopes, but not with all scopes. EVE SSO/ESI verify with Angular/TypeScript
@GENiALi same recommendation for you until this gets fixed, don't request the publicData and esi-corporations.read_outposts.v1 scopes since they don't serve any purpose in your request.
I've hidden the read_outposts and write_structures scopes because they're no longer used. At some point in the future, probably about 9 months from now, I'll for-reals delete them.
I'll put a blog out about it in a few weeks once I've spoken to the sso guys and know exactly what the plan is, but in the mean time if you guys wanna get out ahead of this, stop adding those scopes to your login URLs now and the transition should be seamless for you.
This doesn't solve the underlying problem of a token length limit, just a bit of cleanup.
Updated list of useless scopes:
-
publicData- v2 SSO will always provide a refresh token -
esi-characterstats.read.v1- endpoint was recently removed -
esi-characters.read_chat_channels.v1- endpoint was removed a long time ago -
esi-bookmarks.read_character_bookmarks.v1andesi-bookmarks.read_corporation_bookmarks.v1- endpoints weren't updated to the new bookmark system -
esi-wallet.read_corporation_wallet.v1- typoed scope still available when creating an SSO app, proper scope isesi-wallet.read_corporation_wallets.v1
The issue is still happening as of today. This post just saved me after hours of work trying to figure out what was wrong
All of my token went invalid today with the error message : authentication failure
Starting at 2021-12-30 11:08:19 to 2021-12-30 11:47:15 (UTC) and probably beyond
Wasted a good chunk of time figuring out what was going on until I stumbled upon this
For all running into this issue, see the workaround. You should only request the scopes you need and not everything and the kitchen sink. You can always expand upon later as you add features.
