https://www.ory.sh/ logo
Join Slack
Powered by
Hi everyone, looks like we have an issue on all ou...
# talk-hydra
j
Hi everyone, looks like we have an issue on all our environments (dev, stage, prod): 404 error thrown on following endpoint - /admin/oauth2/auth/requests/login/accept?login_challenge=xxxxx It is very weird, yesterday all was working, stage and production were not changed at all since yesterday but they are also throwing errors: Wrong or expired consent token used. Please try again. I wonder if it is only our issue or a global one? Thanks
h
Ory Network?
Or self-hosted?
b
Ory Network
The issue looks to be related to double url encoding or the challenge values
h
Could you please raise an issue in ory/network on github with as many details as possible?
It’s EOB here so I can’t promise immediate resolution but we will investigate tomorrow morning unless you have identified the issue already
how is it looking?
b
We are still investigating it. The issue might be on our end. What's not clear is why it only surfaced yesterday. @high-optician-2097 were there any recent changes in Hydra (Ory Network) related to url encoding parameters in API responses?
h
No changes related to encoding parameters, but we did change the format of the login challenge and consent challenge and verifiers from a UUID to a different random string
b
We figured out what's going on. We did not have proper query string parsing/decoding in place on our side. With the change of the format for challenges and verifiers they started getting characters that are url-encoded (namely 
=
). We are then making calls to Hydra Admin APIs and encoding those already encoded values, e.g.: 
==
(raw value) => 
%3D%3D
(encoded value) => 
%253D%253D
(double encoded value) Addressing the query string parsing on our side will address the issue. There is nothing wrong on the Hydra side. Thanks for jumping in anyway @high-optician-2097! 🙂
h
you’re welcome!
Open in Slack
PreviousNext
Powered by