[BUG] RSO missing cpid in userinfo

[whyando]

cpid is missing from the response from https://auth.riotgames.com/userinfo
cpid scope IS specified.

normally https://auth.riotgames.com/userinfo returns { sub, cpid, jti } but just getting { sub }

• Frequency:
  Not every account is affected. It may only be for new accounts. I am unsure when this bug started occurring.

[colin-j-rm]

Also running into this issue. I can replicate it consistently, only happens when account is new and you need to first click "Authorize", then no matter how many times you retry, /userinfo doesn't return a cpid and only returns { sub }.

(if you restart entire sign in flow then it finally works, but this is not ideal for users forcing them to retry signing in)

[OllieJennings]

I have also started to notice this happening. @tisbells any knowledge of this, we are seeing multiple signups with no cpid coming back

[DarkIntaqt]

I also had these issues a lot recently…
Tisbells isn’t working for DevRel anymore, so this ping is unfortunately not helping

[OllieJennings]

Oh no, @DarkIntaqt is there any rioters that we know of who we can tag?

I feel like this has been getting worse.

[DarkIntaqt]

afaik they are a heavily short staffed atm, and while I agree with you that this has a pretty high priority, I don't know whether there is anyone who is actively in charge of / monitoring the Github.

[OllieJennings]

I think you are right, the only developer l have seen who has replied on some github issues is: @lucasMesquitaBorges, any chance we could get some eyes on this.

I've also submitted a ticket on this: 108409707

[lucasMesquitaBorges]

Hi! That's correct. Thanks for the ping in this thread.
I will check this issue.

[OllieJennings]

Hey @lucasMesquitaBorges any update on this? We are now seeing around 1 in 3 requests without a cpid field.

For now we have resorted to just spamming the summoner endpoint for each region to find out which region they might belong to, which is not ideal but gives up an alternative for now.

[lucasMesquitaBorges]

The cpid object from /userinfo endpoint will only return if the player has played lol (that's when a shard is bound to the account).
For the given rate you are reporting this issue, I'm assuming this cpid object is missing for players with a bound shard.

To continue triaging this issue we will need to get some sensitive information.

@OllieJennings since you provided a ticket ID, we will contact you via zendesk to get more information and find the root cause.

[OllieJennings]

@lucasMesquitaBorges yep exactly that, we are finding that we find the "shard" by looping through all regions and requests their summoner based on their puuid.

More that happy to give all required details when needed, will keep an eye out for the ticket response.

Update: have responded back to the ticket with the relevant info

[lucasMesquitaBorges]

Hi all! Can you please detail what scopes you're including in the redirect url for user authorization?
(URL redirect to https://auth.riotgames.com/authorize)

[KarineValenca]

Hey @lucasMesquitaBorges

I'm facing the same issue on my application. The scopes I'm using are: openid and cpid.