tgtg
Regular 401 Unauthorized's
I want to share some insights that seem to be odd behaviour to me.
It looks like TGTG is invalidating access tokens at random times, and this then results in a 401 Unauthorized error when calling the item/v8 URL.
This causes the scanner to not work until the refresh time period is reached.
Because I was intrigued to know what the official TGTG app did in such a case, I set up Proxyman for iOS to intercept the traffic between my TGTG app & their API.
It looks like the tokens of the official app are also invalidated at some times and they return a 401 Unauthorized, but they immediately call the refresh token URL after that and then use the new token, which then works fine.
Would it be an idea to also refresh the token when the API returns 401 Unauthorized and when a valid token is already present in the scanner?
Just as a reference for how often this happens, it is a lot to me: tgtg-scanner.log
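The refresh-on-401 behaviour proposed above, as an added example that is not part of the original post and not the tgtg project's code. `FakeApi`, `Client`, `Unauthorized` and the item names are hypothetical, and the server is a constructed in-memory stand-in so the example runs offline.

```python
import time

class Unauthorized(Exception):
    """Constructed stand-in for an HTTP 401 response."""

class FakeApi:
    """Constructed server: only the most recently issued access token is valid."""
    def __init__(self):
        self.valid, self.issued, self.refresh_calls = set(), 0, 0

    def refresh(self, refresh_token):
        self.refresh_calls += 1
        self.issued += 1
        self.valid = {f"access-{self.issued}"}
        return f"access-{self.issued}"

    def get_items(self, access_token):
        if access_token not in self.valid:
            raise Unauthorized("401 Unauthorized")
        return ["item-a", "item-b"]

class Client:
    """Hypothetical client: refreshes on schedule and, once, on a 401."""
    def __init__(self, api, refresh_token, lifetime=3600, clock=time.monotonic):
        self.api, self.refresh_token = api, refresh_token
        self.lifetime, self.clock = lifetime, clock
        self.access_token, self.refreshed_at = None, 0.0

    def _refresh(self):
        self.access_token = self.api.refresh(self.refresh_token)
        self.refreshed_at = self.clock()

    def _current_token(self):
        # Scheduled refresh, driven by the configured token lifetime.
        expired = self.clock() - self.refreshed_at >= self.lifetime
        if self.access_token is None or expired:
            self._refresh()
        return self.access_token

    def get_items(self):
        try:
            return self.api.get_items(self._current_token())
        except Unauthorized:
            # Token revoked before its lifetime ran out: refresh once and retry.
            # A second 401 propagates, so a dead refresh token cannot cause a loop.
            self._refresh()
            return self.api.get_items(self.access_token)
```

The single bounded retry keeps one revoked token from turning into repeated refresh requests against the API.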
Such a problem never occurred for me. It would be possible to add such a behavior, but in the meantime you can reduce AccessTokenLifetime as a workaround. I, for example, have mine set to 1800 just to be on the safe side. You can check https://github.com/Der-Henning/tgtg/wiki/Configuration on how to configure that in your setup. I don't know what exactly is going wrong on your end, but your logs imply that pretty much after one hour the RefreshToken gets invalidated. Maybe try setting the AccessTokenLifetime to 3600 or enabling Debug in the configuration to check if you are not sending too many requests…
The access token lifetime was already set to one hour (3600) with the provided log file, so it actually got invalidated immediately. I now configured the lifetime to only 55 seconds, forcing it to get a new token on each API call, and even then I still sometimes get invalidated tokens (but at least it starts to work again after one or two minutes): tgtgscanner.log
Regarding debug logging, I enabled it once before and it doesn't reveal any useful information except for the 401 Unauthorized (so no 429 rate limit status code or 403 forbidden status code).
Anyways, I have a workaround so this is not urgent to me but I think it would be a great improvement to handle these regular unauthorized's in the same way that the official TGTG app does. I also find it pretty odd that no one else experienced similar issues...
Wait… could this issue be that you have your AccessTokenLifetime set too short? Maybe you get invalid AccessTokenLifetime because your interval is set too short. Did you start with an AccessTokenLifetime when using this project or did you switch to it because you already got 401 a lot?
I started with the default access token lifetime, which is set to 4 hours if I remember correctly, but even then I got the 401's and tried a shorter lifetime of 1 hour and eventually 55 seconds to get the best results in my case.