Bug 1869966 - [MSTR-1019] Management console log out cannot delete oauthaccesstoken
Summary: [MSTR-1019] Management console log out cannot delete oauthaccesstoken
Keywords:
Status: VERIFIED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.6.0
Assignee: Jakub Hadvig
QA Contact: pmali
URL:
Whiteboard:
Depends On:
Blocks: 1871084 1879327 1872288
Reported: 2020-08-19 06:49 UTC by Xingxing Xia
Modified: 2020-09-16 02:35 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Clones: 1871084 1872288
Environment:
Last Closed:
Target Upstream Version:




Links
System ID Priority Status Summary Last Updated
Github openshift console pull 6431 None closed Bug 1869966: Delete the hashed session token on user logout 2020-09-22 13:40:58 UTC

Description Xingxing Xia 2020-08-19 06:49:01 UTC
Description of problem:
Now oauthaccesstoken name is not the token value. Management console log out cannot delete oauthaccesstoken. Refer to oc bug 1868324

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-08-18-191231

How reproducible:
Always

Steps to Reproduce:
1. Login to web console
2. Check `oc get oauthaccesstoken`
3. In web console, press F12, click "Network" tab, then log out from web console. Check `oc get oauthaccesstoken` again.

Actual results:
3. Step 2 command output is still shown in step 3 command. "Network" tab shows a "POST" `delete-token` request, click its details, see:
Cookie: openshift-session-token=sha256~rSXZ....

This is the token value, not the oauthaccesstoken object name.

Check `oc whoami --token="sha256~rSXZ..."`, the token is still working, showing the logged in user. This means it is not logged out.

Expected results:
3. The delete-token request should convert the token to oauthaccesstoken name, then delete oauthaccesstoken name like oc bug 1868324

Additional info:
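
Added example (not part of the original report and not the console's or oc's own code): the conversion the expected result asks for, with a constructed in-memory store showing why deleting by the cookie value leaves the token valid. It assumes the naming scheme from the enhancement linked in comment 5, object name = "sha256~" + unpadded base64url(SHA-256 of the part after the prefix), and that tokens without the prefix are legacy ones named by their value; tokenObjectName, tokenStore and the sample token are hypothetical names and values.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

const sha256Prefix = "sha256~"

// tokenObjectName maps a bearer token value to its oauthaccesstoken object name.
// Assumed scheme: "sha256~" + unpadded base64url(SHA-256(secret after the prefix)).
// Tokens without the prefix are assumed to be legacy ones whose name is the value.
func tokenObjectName(token string) string {
	if !strings.HasPrefix(token, sha256Prefix) {
		return token
	}
	sum := sha256.Sum256([]byte(strings.TrimPrefix(token, sha256Prefix)))
	return sha256Prefix + base64.RawURLEncoding.EncodeToString(sum[:])
}

// tokenStore is a constructed stand-in for the server's oauthaccesstoken objects.
type tokenStore map[string]string // object name -> user

func (s tokenStore) issue(token, user string) { s[tokenObjectName(token)] = user }

// whoami models `oc whoami --token=...`: the server hashes the presented value.
func (s tokenStore) whoami(token string) (string, bool) {
	u, ok := s[tokenObjectName(token)]
	return u, ok
}

// deleteByName models a DELETE on an oauthaccesstoken object name.
func (s tokenStore) deleteByName(name string) bool {
	_, ok := s[name]
	delete(s, name)
	return ok
}

func main() {
	cookie := "sha256~constructed-sample-secret" // constructed, not a real token
	s := tokenStore{}
	s.issue(cookie, "alice")
	fmt.Println("delete by cookie value:", s.deleteByName(cookie)) // reported behaviour
	_, live := s.whoami(cookie)
	fmt.Println("token still valid:", live)
	fmt.Println("delete by derived name:", s.deleteByName(tokenObjectName(cookie)))
}
```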

Comment 1 Jakub Hadvig 2020-08-20 21:13:19 UTC
Will revert https://github.com/openshift/console/pull/6319 when the logout bug is fixed.

Comment 5 Stefan Schimanski 2020-08-25 12:09:32 UTC
@Jakub compare with https://github.com/openshift/oc/pull/521.

The enhancement describing the change: https://github.com/openshift/enhancements/blob/master/enhancements/authentication/oauth-resource-storage.md

This is a blocker for 4.6. Hence, priority urgent.

Comment 9 Xingxing Xia 2020-08-26 11:43:40 UTC
Verified in 4.6.0-0.nightly-2020-08-26-010422 with original steps.

Comment 10 David Taylor 2020-08-26 17:51:24 UTC
*** Bug 1872469 has been marked as a duplicate of this bug. ***
