[Complete]EVE SSO JWT Token update on 1 November 11:00 UTC

CCP_Zelus · October 18, 2023, 5:07pm

Greetings 3rd party developers!

Just wanted to give notice of an update heading your way during downtime:

Tokens will now include the URL schema in the ‘iss’ (issuer) claim, aligning more closely with relevant specifications.

As an example, effectively the iss claim of the JWT token will change from login.eveonline.com to https://login.eveonline.com

This has been a part of the existing esi documentation here as point 2: Validating JWT tokens from the EVE SSO | esi-docs so it should be included in the workflow of your app already, otherwise, it may need some adjustment to accommodate this.

Apologies for the late notice of this update, we just wanted to ensure it was communicated prior to the change.

Edit:
11:25 UTC - 19th October: This change was implemented at 11:00 UTC, however, it has been temporarily reverted to resolve additional underlying issues. This deployment has been postponed for now. I’ll update this post once a new date/time is established.

17:00 UTC - 27th October: This is going to be re-run again on Monday 30th October at 11:00 UTC. Updating the thread title to reflect this as well.

10:10 UTC - 30th October: This is being postponed one more day for now until the 31st of October to ensure network upgrades go as smoothly as possible.

11:15 UTC - 31st October: This change was implemented at 11:00 UTC, however, it has been temporarily reverted to resolve additional underlying issues. This deployment has been postponed to 1 November 2023.

11:24 UTC - 1st November: This update is complete.

Ariel_Rin · October 19, 2023, 6:23am

Django-ESI 5.0.0 Supports this new Schema, previous versions had a bug that would have prevented our fallback mechanism from working.

Alliance Auth 3.7.1 ships with Django-ESI 5.0.0, but any 3.x version can be fixed with an update to Django-ESI 5.0.0

oOCKYOo · October 19, 2023, 2:55pm

Hi, something else I encountered recently is tokens not working when every available scope is used. Tokens are issued during OAuth process but fail when used to make calls to ESI.

Joao_Neto · October 20, 2023, 9:51am

This is a known bug: Authorization failure when token is too long · Issue #1089 · esi/esi-issues · GitHub

You can drop some scopes, which don’t do anything. See CarbonAlabel’s comment in the link above

CCP_Zelus · October 27, 2023, 5:12pm

I just updated the change log and post title - this will be re-run again during downtime on Monday 30 October.

There is also a network upgrade scheduled for the same time - a separate thread has been set up to track potential downtime as well. Any unexpected downtime messaging will be relayed there.

Upon conclusion of the update, I’ll relay any related messages to this thread.

Nashez · October 28, 2023, 12:12pm

Is this anything to do with incursions being broken?

CCP_Zelus · October 30, 2023, 10:11am

Morning everyone.

This has been postponed one more day to the 31st of October, to allow for network upgrades scheduled for today to go as smoothly as possible.

I’ll once again update the thread tomorrow following the switchover.

CCP_Zelus · October 31, 2023, 5:34pm

Hey everyone,

This was once again implemented during downtime on 31 October but rolled back.

This is going to be attempted during an extended downtime on Wednesday 1 November.

The initial post will be updated to reflect this change.

Herpaderp_Aldent · November 1, 2023, 1:34pm

Late to the party but anyone using GitHub - SocialiteProviders/Eveonline: [READ ONLY] Subtree split of the SocialiteProviders/Eveonline Provider (see SocialiteProviders/Providers) such as https://seatplus.net/ is not affected by the change.

system1 · January 30, 2024, 1:35pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.