snoowrap icon indicating copy to clipboard operation
snoowrap copied to clipboard

Published 20 hours ago verified publisher icon not-an-aardvark

Clients created with 'fromApplicationOnlyAuth' fail requests with 400, 401

Open iwinulose opened this issue 3 years ago • 6 comments

The initial call to fromApplicationOnlyAuth succeeds, however the retrieved credentials appear to be invalid.

The initial access_token request seems to have changed to return both an access token and a refresh token, however the constructor does not expect to receive a refresh duration. The next attempt to call any API will trigger a refresh (as to the client it appears the access token is no longer valid.) The refresh fails w/ 400. Unfortunately, patching to fix this issue does not help, as any request made using the supposedly valid auth token is failed with 401.

As a workaround, clients created with the 'permanent: false' parameter work correctly.

iwinulose avatar Jan 01 '22 22:01 iwinulose

I think I fixed this bug, check this commit: https://github.com/not-an-aardvark/snoowrap/pull/338/commits/ebd3ab1c0d0a4b321657d0b0b90a61b56cbffe4e

  • 🐛 Fixed a bug with snoowrap#fromAuthCode and snoowrap#fromApplicationOnlyAuth when they don't set the values of requester.tokenExpiration and requester.scope after a successful authentication which causes the access token to refresh again for no reason '-' .

iMrDJAi avatar Jan 07 '22 20:01 iMrDJAi

Update: Application Only OAuth is broken!

image

iMrDJAi avatar Feb 15 '22 18:02 iMrDJAi

Any update on this? Setting permanent to false does not throw an error but it's not ideal.

oakleyaidan21 avatar Apr 10 '22 17:04 oakleyaidan21

@oakleyaidan21 permanent is not supported anymore. What's the current behavior of snoowrap when setting permanent to false?

iMrDJAi avatar Apr 10 '22 18:04 iMrDJAi

@iMrDJAi when I set permanent to false it behaves as @iwinulose described -- there is no API error and the snoowrap object can be used (albeit for only an hour). When I set it to true or omit it I get this error: API Error: invalid_grant - undefined. The snoowrap version I'm using is 1.23.0.

oakleyaidan21 avatar Apr 10 '22 18:04 oakleyaidan21

@oakleyaidan21 Right! just wanted to be sure.

snoowrap#fromApplicationOnlyAuth with permanent set to false only passes an access token to the returned snoowrap instance, and snoowrap v1.23.0 can only refresh the access token when a refresh token is present (in this case there is none), and currently, there is no particular way to obtain a new application-only access token automatically.

However, I fixed that in the upcoming snoowrap v2.0. Work in progress...

iMrDJAi avatar Apr 10 '22 20:04 iMrDJAi