So angry - Vivokey, Spark1 Spark2

fraggersparks · December 3, 2021, 10:58am

I do note that we don’t offer the Vivokey API as a uptime-guaranteed service. it’s best effort.

Can you send me the ID of your service?

The only change we’ve made was to close vulnerabilities on redirect URLs, as yeka has said.

I will investigate in our backend and confirm what’s going on.

Rosco · December 3, 2021, 11:27am

That’s kind of the curse of implants: if they were ordinary products, people would understand and have measured reactions. But when the product gets under your skin and stuff don’t perform, it… gets under your skin Things can becomes very personal and emotional.

Eriequiet · December 3, 2021, 11:56am

I just assume nothing will work, and anything that does is a pleasant surprise… and I’m not surprised if it doesn’t

Might be a tad dark/bleak

Rosco · December 3, 2021, 12:32pm

I do that too. In fact, I always assume the worst so I’m never disappointed. Still, implants going tits up kind of get to me in a depressing sort of way for a little while, strangely enough.

amal · December 3, 2021, 12:43pm

This is usually due to mismatch, particularly the protocol… so like is your application URI set up with http or https, and are you actually redirecting to http or https?

yeka · December 3, 2021, 12:54pm

This is the forum, not his own app. I’ve just tested it, and this html encoding is indeed the issue.

I can also reproduce the “permenent” bug now. But there are 2 workarounds now.

APartOfMe · December 18, 2021, 11:21pm

Just popping in to mention that I can also reproduce this bug. Even when logging in here, I have to scan the chip, wait for the failed request message, go back, scan the chip a second time, wait for that to fail, then navigate back to the original site and hit login for a third time. It’s obviously not the end of the world, but it’s caused me to not bother logging into this site with my spark 2 since It’ll take longer than just using my email/password

amal · December 19, 2021, 1:12am

I think we are pretty close to just scrapping the whole platform as-is and launching v2 instead.

Devilclarke · December 19, 2021, 3:07pm

Please tell me that dosnt include the chpiscan api only just got it working.

yeka · December 19, 2021, 5:18pm

chipscanlib IS v2 ig

amal · December 19, 2021, 7:39pm

Yeah chipscan is part of the v2 platform were working on.

tofu · December 19, 2021, 9:04pm

This is exactly what happens to me.

cerverus · January 8, 2022, 6:47am

https,
Now I create a new domain, first install vivokey plugin wordpress, connect with the user and i have the same problem when I identifh to wordpress say
The client identifier (client_id) is missing or invalid

But the problem is when I try to identify myself in the vivokey forum, put login see qr, take my phone scan spark, read the qr and:

Redirect URI Error

The request fails due to a missing, invalid, or mismatching redirection URI (redirect_uri).

And you might think it is a thing of the pc, of the browsers, because not when I try it from the same smartphone, with the smartphone browser this image comes out, instead within the application if I scan my spark I can enter see everything

yeka · January 8, 2022, 9:55am

99% sure just from the looks it’s the same bug as above.
If you need to login use my workaround above to remove the html entities from the url that gives the error.
Except for that we can just wait… the page is broken.

The phone thing can be explained, I guess it’s the app which just shows a different error for the same thing.

oalsc · January 27, 2022, 12:59am

@amal I found the possible error… is in url of vivokey api

see this url
https://api.vivokey.com/openid/authorize?response_type=code&scope=openid&client_id=46690950981&state=register&redirect_uri=http://cyberdangerous.com

when i update & to & its worked for me

and it was like this

https://api.vivokey.com/openid/authorize?response_type=code&scope=openid&client_id=46690950981&state=register&redirect_uri=http://cyberdangerous.com

GoeticGirl2086 · January 27, 2022, 1:35am

Something is wrong with the code. Could it be a mistyped credentials or something? Maybe if you reset the vivokey, it might work

Fade0 · January 27, 2022, 7:30am

As @yeka has noted, this 100% seems to be an issue with the URL being constructed improperly causing the & symbol to be encoded as a “URL safe” html entity.

I’m not really familiar yet with the Spark ecosystem, where/how is the url being produced?

mekhos · January 27, 2022, 8:22am

Does this help?
https://developer.vivokey.com/docs/index.php

yeka · January 27, 2022, 10:24am

Yes it’s a VK bug, look above for a workaround.

Heck, I’ll try to make a tampermonkey script for it today. At least it feels fixed then.

yeka · January 27, 2022, 11:22am

Automated Workaround

Tested once with the forum login so, yeah no 100% guarantee.
You can google how to install a tampermonkey script in your browser.

// ==UserScript==
// @name         VK Workaround
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  fix the vivokey login
// @author       you
// @match        https://api.vivokey.com/openid/authorize*
// @icon         https://www.google.com/s2/favicons?domain=vivokey.com
// @grant        none
// ==/UserScript==

(function() {
    'use strict';
    if (/&amp;/.test(location)) {
        location = location.toString().replaceAll("&amp;","&")
    }
})();

This runs on the error page and then fixes it, kinda whack.
You have to live with seeing this error for a second before it logs you in.