Bug 1869966 - [MSTR-1019] Management console log out cannot delete oauthaccesstoken
Summary: [MSTR-1019] Management console log out cannot delete oauthaccesstoken
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.6.0
Assignee: Jakub Hadvig
QA Contact: pmali
URL:
Whiteboard:
Depends On:
Blocks: 1871084 1872288 1879327
 
Reported: 2020-08-19 06:49 UTC by Xingxing Xia
Modified: 2020-10-27 16:29 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1871084 1872288
Environment:
Last Closed: 2020-10-27 16:29:06 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift console pull 6431 | 0 | None | closed | Bug 1869966: Delete the hashed session token on user logout | 2020-12-18 10:53:42 UTC
Red Hat Product Errata | RHBA-2020:4196 | 0 | None | None | None | 2020-10-27 16:29:25 UTC

Description Xingxing Xia 2020-08-19 06:49:01 UTC
Description of problem:
Now oauthaccesstoken name is not the token value. Management console log out cannot delete oauthaccesstoken. Refer to oc bug 1868324

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-08-18-191231

How reproducible:
Always

Steps to Reproduce:
1. Login to web console
2. Check `oc get oauthaccesstoken`
3. In web console, press F12, click "Network" tab, then log out from web console. Check `oc get oauthaccesstoken` again.

Actual results:
3. Step 2 command output is still shown in step 3 command. "Network" tab shows a "POST" `delete-token` request, click its details, see:
Cookie: openshift-session-token=sha256~rSXZ....

This is the token value, not the oauthaccesstoken object name.

Check `oc whoami --token="sha256~rSXZ..."`, the token is still working, showing the logged in user. This means it is not logged out.

Expected results:
3. The delete-token request should convert the token to oauthaccesstoken name, then delete oauthaccesstoken name like oc bug 1868324

Additional info:

Comment 1 Jakub Hadvig 2020-08-20 21:13:19 UTC
Will revert https://github.com/openshift/console/pull/6319 when the logout bug is fixed.

Comment 5 Stefan Schimanski 2020-08-25 12:09:32 UTC
@Jakub compare with https://github.com/openshift/oc/pull/521.

The enhancement describing the change: https://github.com/openshift/enhancements/blob/master/enhancements/authentication/oauth-resource-storage.md

This is a blocker for 4.6. Hence, priority urgent.
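
The conversion the expected results ask for, as an added example that is not part of the bug report or the console code base. It assumes the object name is the `sha256~` prefix followed by the unpadded base64url SHA-256 digest of the token with the prefix stripped, and that tokens without the prefix are legacy tokens whose name equals their value; the function names and the sample token are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// sha256Prefix marks tokens whose oauthaccesstoken object is stored under a
// hash of the secret instead of the secret itself.
const sha256Prefix = "sha256~"

// TokenToObjectName maps a bearer token (for example the value of the
// openshift-session-token cookie) to the oauthaccesstoken object name.
// Assumption: name = prefix + unpadded base64url(SHA-256(token minus prefix)).
// Assumption: a token without the prefix is a legacy token, name == value.
func TokenToObjectName(token string) string {
	if !strings.HasPrefix(token, sha256Prefix) {
		return token
	}
	secret := strings.TrimPrefix(token, sha256Prefix)
	sum := sha256.Sum256([]byte(secret))
	return sha256Prefix + base64.RawURLEncoding.EncodeToString(sum[:])
}

// DeletePath returns the API path a logout handler has to DELETE so that the
// token stops working. Deleting by the raw cookie value finds no object when
// the token is prefixed, which is the behaviour reported in this bug.
func DeletePath(token string) string {
	return "/apis/oauth.openshift.io/v1/oauthaccesstokens/" + TokenToObjectName(token)
}

func main() {
	token := "sha256~abc" // constructed sample, not a real token
	fmt.Println("cookie value :", token)
	fmt.Println("object name  :", TokenToObjectName(token))
	fmt.Println("delete target:", DeletePath(token))
}
```

After a logout request, `oc get oauthaccesstoken` should no longer list the derived name, and `oc whoami --token=...` with the cookie value should fail.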

Comment 9 Xingxing Xia 2020-08-26 11:43:40 UTC
Verified in 4.6.0-0.nightly-2020-08-26-010422 with original steps.

Comment 10 David Taylor 2020-08-26 17:51:24 UTC
*** Bug 1872469 has been marked as a duplicate of this bug. ***

Comment 12 errata-xmlrpc 2020-10-27 16:29:06 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

