Skip to content

fix: auto-recover from OAuth app deletion after token revocation #3382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 22, 2025
Merged

fix: auto-recover from OAuth app deletion after token revocation #3382

merged 1 commit into from
Sep 22, 2025

Conversation

@abcb1122
Copy link
Contributor

When users revoke OAuth access on their Mastodon server, the OAuth application gets deleted but remains cached in Elk. This causes login failures with 'Client authentication failed due to unknown client'.

This fix adds automatic detection and recovery:

  • Detects specific invalid_client errors (401 status)
  • Automatically invalidates stale cached OAuth credentials
  • Creates fresh OAuth application and retries seamlessly
  • Single retry prevents infinite loops
  • Preserves existing error handling for other failures

Changes:

  • Add invalidateApp() function to server/utils/shared.ts
  • Enhanced error handling in server/api/[server]/oauth/[origin].ts
  • Backward compatible, zero breaking changes

Fixes #2422

@abcb1122
fix: auto-recover from OAuth app deletion after token revocation (elk…
a6e6815 
…-zone#2422)

When users revoke OAuth access on their Mastodon server, the OAuth application gets deleted but remains cached in Elk. This causes login failures with 'Client authentication failed due to unknown client'.

This fix adds automatic detection and recovery:
- Detects specific invalid_client errors (401 status)
- Automatically invalidates stale cached OAuth credentials
- Creates fresh OAuth application and retries seamlessly
- Single retry prevents infinite loops
- Preserves existing error handling for other failures

Changes:
- Add invalidateApp() function to server/utils/shared.ts
- Enhanced error handling in server/api/[server]/oauth/[origin].ts
- Backward compatible, zero breaking changes

Fixes elk-zone#2422
@netlify
Copy link

netlify bot commented Sep 18, 2025
edited
Loading

Deploy Preview for elk-docs canceled.

Name Link
🔨 Latest commit a6e6815
🔍 Latest deploy log https://app.netlify.com/projects/elk-docs/deploys/68cc15d380441e00086f0992

@netlify
Copy link

netlify bot commented Sep 18, 2025
edited
Loading

Deploy Preview for elk-zone ready!

Name Link
🔨 Latest commit a6e6815
🔍 Latest deploy log https://app.netlify.com/projects/elk-zone/deploys/68cc15d3ac892700080bbc0a
😎 Deploy Preview https://deploy-preview-3382--elk-zone.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@abcb1122 abcb1122 mentioned this pull request Sep 18, 2025
Closed
@danielroe danielroe changed the title fix: auto-recover from OAuth app deletion after token revocation (#2422) fix: auto-recover from OAuth app deletion after token revocation Sep 22, 2025
@danielroe danielroe added this pull request to the merge queue Sep 22, 2025
Merged via the queue into elk-zone:main with commit 37a91a0 Sep 22, 2025
15 checks passed
@alexanmtz
Copy link

Hey @abcb1122 , you can claim the bounty added to the related issue #3382 here by sending your PR : https://gitpay.me/#/task/1063/revoked-access-to-elk-and-now-cannot-log-back-in

@shuuji3
Copy link
Member

shuuji3 commented Sep 22, 2025

@abcb1122 Thank you so much! Many people have been waiting for a fix for this issue 😀

@shuuji3 shuuji3 mentioned this pull request Sep 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danielroe danielroe danielroe approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Revoked access to Elk, and now cannot log back in

4 participants

@abcb1122 @alexanmtz @shuuji3 @danielroe