oauth2 icon indicating copy to clipboard operation
oauth2 copied to clipboard

Published 20 hours ago verified publisher icon golang

oauth2 doesn't follow 301 redirects

Open ncw opened this issue 8 years ago • 5 comments

I'm using oauth2 very succesfully in rclone (rclone.org). I'm having trouble with the hubic implementation though. It works perfectly nearly all the time, but every now and again it returns this error when it tries to refresh the token.

Get https://api.hubic.com/1.0/account/credentials: oauth2: cannot fetch token: 301 Moved Permanently
Response: <html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

I think this error is probably coming from here.

I don't know whether this is a problem with Hubic being out of spec or this library - any help much appreciated!

You can see my code here with the utility library here.

ncw avatar Mar 09 '16 15:03 ncw

HTTP client is automatically following 301s unless Client.CheckRedirect says otherwise. It is unlikely that it is coming from https://github.com/golang/oauth2/blob/master/internal/token.go#L176.

Are you sure that the http.Client you are using is not disabling redirects?

rakyll avatar Aug 26 '16 18:08 rakyll

Hmm.. my code doesn't set CheckRedirect so it is using the default policy. Apparently neither does oauth2.

I checked out rclone and all its dependencies into a clean GOPATH and grepped them. There were no uses of CheckRedirect.

If it had been a redirect loop then it should have produced this error

   544  func defaultCheckRedirect(req *Request, via []*Request) error {
   545      if len(via) >= 10 {
   546          return errors.New("stopped after 10 redirects")
   547      }
   548      return nil
   549  }

Any other ideas?

Thanks

Nick

ncw avatar Aug 27 '16 08:08 ncw

Get https://api.hubic.com/1.0/account/credentials

Is this a GET request or is it your custom error message? I am assuming you are experiencing this at https://github.com/golang/oauth2/blob/master/internal/token.go#L149 and I don't think POST requests are being redirected according to https://github.com/golang/go/blob/2af00eb63cde716b59c0d64f4c3855b83a9d5a63/src/net/http/client.go#L365.

rakyll avatar Sep 07 '16 23:09 rakyll

HTTP 301 dictates that the client retries the request at another location with the GET method. So while your http client probably retries the request correctly, the method will be wrong.

To redirect that respects the request method, the server should issue a 307 Temporary Redirect or 308 Permanent Redirect, but AFAIK, the go net/http package does not support 307 redirects for POST or PUT yet.

romeovs avatar Oct 21 '16 08:10 romeovs

This was fixed in: https://go-review.googlesource.com/c/go/+/29852/ and this issue can be closed I think.

matoous avatar Jun 09 '21 08:06 matoous