
Platform API Doorkeeper Error (token validation)

Open MateoLa opened this issue 2 years ago • 4 comments

Tokens created through the API do not work.

Context

New tokens generated through the API are not validated. They are useless for performing any API call.

Token Creation

POST: {{baseUrl}}/spree_oauth/token

Request:

{
    "grant_type": "password",
    "username": "[email protected]",
    "password": "spree123",
    "scope": "admin"
}

Response:

{
    "access_token": "ndlSsRMy0_1gaYM9l3_9gnJkZSJ548nOwPQUbsNql3M",
    "token_type": "Bearer",
    "expires_in": 7200,
    "refresh_token": "JtMdc5Ok7aWvtxXa5PFuIsIQec1MGUGb6RWlmh8Mj-c",
    "scope": "admin",
    "created_at": 1651707394
}

Testing the new token (List roles)

GET {{baseUrl}}/api/v2/platform/roles?page=1&per_page=50&filter[name_eq]=admin

Request Headers:

Authorization: Bearer ff98ef8921ec88847dbd2bad8f6016eabca5e6e7764d42d1343ee631a0dce4e0
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Postman-Token: 51aa0c64-1bdf-4fa3-97b9-c5273ad817cc
Host: localhost:4000
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __profilin=p%3Dt

Response:

{
    "error": "Doorkeeper::Errors::DoorkeeperError"
}

Database tokens

select * from spree_oauth_access_tokens;

 id | resource_owner_id | application_id |                              token                               |                          refresh_token                           | expires_in | revoked_at |         created_at         | scopes | previous_refresh_token | resource_owner_type 
----+-------------------+----------------+------------------------------------------------------------------+------------------------------------------------------------------+------------+------------+----------------------------+--------+------------------------+---------------------
  2 |                 1 |                | e5da3fe4a6a77c1e3fb0197e40086b0e50b4aaefdea03aeb4f4b68b93fabcad5 | d5e3f563fb7fa7c586b8e2da357a31b1ee6e7451ad8f96108ce36847232db561 |       7200 |            | 2022-05-04 21:45:11.494058 | admin  |                        | Spree::User
  1 |                 1 |              1 | c57d3dc7c4af16be07e86eceede7b4411151161bf906223f9c154d0ad7633131 |                                                                  |            |            | 2022-04-23 00:11:41.21947  | admin  |                        | Spree::User
  3 |                 1 |              2 | 45d9e10b422a36764ea7e298409b95beeb0ff673ae4f038a8cf1dbefbf6e8d78 |                                                                  |            |            | 2022-05-04 23:01:30.76295  | admin  |                        | Spree::User
  4 |                 1 |                | e8c0ddf93f09f8027a31f3cb96f82911d44302ba1cb15745b8c1aa31d0637689 | fd9f35bc60e447318bcb510cf0044e714d92ab3804427e09a18ef77effe57c8f |       7200 |            | 2022-05-04 23:02:51.257108 | admin  |                        | Spree::User
  5 |                 1 |                | ff98ef8921ec88847dbd2bad8f6016eabca5e6e7764d42d1343ee631a0dce4e0 | cfab324ae884d5afef8febbb3b406b75a3c36d4b4785d9367321419b34194fa9 |       7200 |            | 2022-05-04 23:36:34.300075 | admin  |                        | Spree::User

Thoughts

I don't know why the response to the new token creation is different from the token stored in the database:

ndlSsRMy0_1gaYM9l3_9gnJkZSJ548nOwPQUbsNql3M <> ff98ef8921ec88847dbd2bad8f6016eabca5e6e7764d42d1343ee631a0dce4e0

But neither of them works when trying to list roles, as stated before.

I think the problem is in the api/V2/Platform/resource_controller.rb when:

before_action :validate_token_client

since doorkeeper_token.application.nil? is true in:

def validate_token_client
    return if doorkeeper_token.nil?

    raise Doorkeeper::Errors::DoorkeeperError if doorkeeper_token.application.nil?
end

Obs:

If I use the spree_oauth_access_token with id 1: c57d3dc7c4af16be07e86eceede7b4411151161bf906223f9c154d0ad7633131 everything goes right since it has: application_id = 1 and I could list roles and use any Platform service.

Expected Behavior

List the existing roles

Actual Behavior

Doorkeeper Error

Possible Fix

Steps to Reproduce

Your Environment

  • Version used: 4.4.0
  • Gemfile and Gemfile.lock as text in a Gist: (from spree_starter)
  • Any relevant stack traces ("Full trace" preferred):

MateoLa avatar May 05 '22 00:05 MateoLa
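As an added illustration of the check quoted in the issue above (this is not code from Spree or Doorkeeper, and not part of the issue), the following Ruby models only the columns of spree_oauth_access_tokens that the before_action reads and runs the same validate_token_client logic over constructed rows mirroring ids 1 and 5 from the table. The AccessToken struct, the DoorkeeperError class and the platform_request and diagnose helpers are stand-ins invented here; the roles payload is constructed, and the rejection message for a missing, revoked or expired token is a placeholder rather than Doorkeeper's real response.

```ruby
require 'time'

# Stand-in for a spree_oauth_access_tokens row (constructed, not a Doorkeeper class):
# only the columns the quoted before_action and Doorkeeper's own checks look at.
AccessToken = Struct.new(:id, :application_id, :expires_in, :revoked_at, :created_at, :scopes,
                         keyword_init: true) do
  # Stand-in for Doorkeeper's `application` association: nil when the token was
  # issued without a client application (application_id column is NULL).
  def application
    application_id.nil? ? nil : { id: application_id }
  end

  def revoked?
    !revoked_at.nil?
  end

  # Rows with expires_in expire; rows with a NULL expires_in (ids 1 and 3 above) never do.
  def expired?(now = Time.now)
    !expires_in.nil? && now >= created_at + expires_in
  end
end

# Stand-in for Doorkeeper::Errors::DoorkeeperError.
class DoorkeeperError < StandardError; end

# Same logic as the before_action quoted from resource_controller.rb.
def validate_token_client(doorkeeper_token)
  return if doorkeeper_token.nil?

  raise DoorkeeperError if doorkeeper_token.application.nil?
end

# Simulates a Platform API request with a bearer token: Doorkeeper's own checks
# (token present, not revoked, not expired) run first, then the client check.
# Returns a small hash instead of an HTTP response.
def platform_request(token, now: Time.now)
  if token.nil? || token.revoked? || token.expired?(now)
    return { ok: false, error: 'token not found, revoked or expired' } # placeholder message
  end
  validate_token_client(token)
  { ok: true, roles: ['admin'] } # constructed payload standing in for the roles list
rescue DoorkeeperError
  { ok: false, error: 'Doorkeeper::Errors::DoorkeeperError' }
end

# Defender-side helper: explain from the row's own columns why a token is rejected,
# so the opaque DoorkeeperError can be traced back to a NULL application_id.
def diagnose(token, now: Time.now)
  return 'expired (expires_in elapsed)' if token.expired?(now)
  return 'revoked (revoked_at set)' if token.revoked?
  if token.application.nil?
    return 'application_id is NULL: token was issued without a client application, ' \
           'so the Platform API client check raises'
  end
  'usable'
end

# Constructed rows mirroring ids 1 and 5 of the table in the issue.
T0 = Time.utc(2022, 5, 4, 23, 36, 34)
SAMPLE_TOKENS = [
  AccessToken.new(id: 1, application_id: 1, expires_in: nil, revoked_at: nil,
                  created_at: Time.utc(2022, 4, 23, 0, 11, 41), scopes: 'admin'),
  AccessToken.new(id: 5, application_id: nil, expires_in: 7200, revoked_at: nil,
                  created_at: T0, scopes: 'admin')
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_TOKENS.each do |t|
    puts "token #{t.id}: #{platform_request(t, now: T0).inspect} -> #{diagnose(t, now: T0)}"
  end
end
```

Run the file directly to see both rows evaluated at the time row 5 was created: the token bound to an application passes, while the one issued without an application_id is rejected by the client check exactly as the issue describes, and diagnose names the column responsible.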

Having the same issue with 4.4.

sebbean avatar May 20 '22 00:05 sebbean

Having the same issue returning shipping methods.

localhost:4000/spree_oauth/token

{
    "access_token": "19Y9wNRXx7I2l4UXq1Ks-vr60ssHOPBlU6gEiE1vmfc",
    "token_type": "Bearer",
    "expires_in": 7200,
    "refresh_token": "7y8W9i6UAXqxVpzZ5Pi5G5sG8nJxAy5EXzbgvo7ZsmQ",
    "created_at": 1653397572
}

localhost:4000/api/v2/platform/shipping_methods

{ "error": "Doorkeeper::Errors::DoorkeeperError" }

jfitzsimmons avatar May 24 '22 13:05 jfitzsimmons

Any workaround or plans to fix this would be really helpful.

dev-noww avatar Sep 20 '22 07:09 dev-noww

It's been a while, but using MateoLa's method of finding and using the id: 1 token worked for me. I forget exactly where spree_oauth_access_tokens is in the DB but it's in there.

jfitzsimmons avatar Sep 21 '22 17:09 jfitzsimmons

May I know which Spree version I should use in order not to get that error?

KhinMyintMyatThu avatar Sep 24 '22 03:09 KhinMyintMyatThu

Closing this issue, as this is now fully described in the platform API docs: https://dev-docs.spreecommerce.org/api/platform-api/authenticating-requests

rafalcymerys avatar Jan 11 '23 15:01 rafalcymerys