Bug 1869966

Summary: [MSTR-1019] Management console log out cannot delete oauthaccesstoken
Product: OpenShift Container Platform
Reporter: Xingxing Xia <xxia>
Component: Management Console
Assignee: Jakub Hadvig <jhadvig>
Status: CLOSED ERRATA
QA Contact: pmali
Severity: high
Docs Contact:
Priority: high
Version: 4.6
CC: aos-bugs, deads, dtaylor, jokerman, pweil, spadgett, sttts, yapei
Target Milestone: ---
Target Release: 4.6.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1871084 1872288
Environment:
Last Closed: 2020-10-27 16:29:06 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1871084, 1872288, 1879327

Description Xingxing Xia 2020-08-19 06:49:01 UTC
Description of problem:
Now oauthaccesstoken name is not the token value. Management console log out cannot delete oauthaccesstoken. Refer to oc bug 1868324

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-08-18-191231

How reproducible:
Always

Steps to Reproduce:
1. Login to web console
2. Check `oc get oauthaccesstoken`
3. In web console, press F12, click "Network" tab, then log out from web console. Check `oc get oauthaccesstoken` again.

Actual results:
3. Step 2 command output is still shown in step 3 command. "Network" tab shows a "POST" `delete-token` request, click its details, see:
Cookie: openshift-session-token=sha256~rSXZ....

This is the token value, not the oauthaccesstoken object name.

Check `oc whoami --token="sha256~rSXZ..."`, the token is still working, showing the logged in user. This means it is not logged out.

Expected results:
3. The delete-token request should convert the token to oauthaccesstoken name, then delete oauthaccesstoken name like oc bug 1868324

Additional info:

Comment 1 Jakub Hadvig 2020-08-20 21:13:19 UTC
Will revert https://github.com/openshift/console/pull/6319 when the logout bug is fixed.

Comment 5 Stefan Schimanski 2020-08-25 12:09:32 UTC
@Jakub compare with https://github.com/openshift/oc/pull/521.

The enhancement describing the change: https://github.com/openshift/enhancements/blob/master/enhancements/authentication/oauth-resource-storage.md

This is a blocker for 4.6. Hence, priority urgent.
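
Added example, not part of the bug thread and not the console's or oc's own code: a Go sketch of the token-to-object-name conversion the description asks for. It assumes the naming scheme from the linked enhancement is `sha256~` followed by the unpadded base64url SHA-256 of the token without its prefix. `tokenStore`, `logout` and `deletePath` are hypothetical helpers and the token is a constructed value.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

const sha256Prefix = "sha256~"

// tokenObjectName maps a bearer token to its oauthaccesstoken object name:
// prefix + unpadded base64url(SHA-256(token without the prefix)).
// Assumption: tokens without the prefix are stored under their own value.
func tokenObjectName(token string) string {
	if !strings.HasPrefix(token, sha256Prefix) {
		return token
	}
	sum := sha256.Sum256([]byte(strings.TrimPrefix(token, sha256Prefix)))
	return sha256Prefix + base64.RawURLEncoding.EncodeToString(sum[:])
}

// deletePath is the REST path a logout handler would send DELETE to.
func deletePath(token string) string {
	return "/apis/oauth.openshift.io/v1/oauthaccesstokens/" + tokenObjectName(token)
}

// tokenStore is a constructed stand-in for API storage: object name -> user.
type tokenStore map[string]string

// logout deletes the session's token object; byName=false reproduces the bug
// by using the cookie value itself as the object name.
func (s tokenStore) logout(cookieToken string, byName bool) bool {
	name := cookieToken
	if byName {
		name = tokenObjectName(cookieToken)
	}
	_, found := s[name]
	delete(s, name)
	return found
}

func main() {
	token := "sha256~constructed-example-token" // constructed sample value
	store := tokenStore{tokenObjectName(token): "testuser"}
	fmt.Println("delete by token value:", store.logout(token, false), "left:", len(store))
	fmt.Println("delete by object name:", store.logout(token, true), "left:", len(store))
	fmt.Println("DELETE", deletePath(token))
}
```

Deleting by the raw cookie value finds no object and leaves the session usable, which matches the `oc whoami --token` check in the description.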

Comment 9 Xingxing Xia 2020-08-26 11:43:40 UTC
Verified in 4.6.0-0.nightly-2020-08-26-010422 with original steps.

Comment 10 David Taylor 2020-08-26 17:51:24 UTC
*** Bug 1872469 has been marked as a duplicate of this bug. ***

Comment 12 errata-xmlrpc 2020-10-27 16:29:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196