Getting `MangoPay::ResponseError: The authorization credentials are not valid` after running several tests

[jfloff]

I'm running my test battery and I'm finding out that after a while, the MangoPay API starts returning a MangoPay::ResponseError: The authorization credentials are not valid exception. I'm pretty sure I have the right credentials because I can run multiple tests in a row, but after a while this is the return. I don't know if I'm issuing too many requests in sequence, but if that's the case then I was expecting a throttled message, not a wrong credentials reply.

[mickaelpois]

@jfloff Are you always facing this issue ? Could you give us more details on this (requests and responses, execution time) ?

[jfloff]

I haven't done this in a while because I started using VCR gem for my specs, but if I force new requests I'm still facing that. The pattern is what I described above, it works fine then after multiple specs running it stops workings and returns that error. To me it seems a throttling issue, but the error message does not match that.

[SoloJr]

Hi @jfloff

As many times as I ran the tests, not even once I got an error...

[jfloff]

I will try to get a full log the next time I can replicate this issue. We can close for now and reopen when I get that log.

[jfloff]

Yesterday running tests I found the error yet again:

Failure/Error:
       mangopay_operation = MangoPay::NaturalUser.create({
         Email: self.email,
         FirstName: self.first_name,
         LastName: self.last_name,
         Address: address,
         Birthday: self.birth_date.to_time.to_i,
         Nationality: self.country,
         CountryOfResidence: address[:Country],
       })

     MangoPay::ResponseError:
       The authorization credentials are not valid
     # /app/heroku/ruby/bundle/ruby/2.6.6/gems/mangopay-3.0.32/lib/mangopay.rb:148:in `request'
     # /app/heroku/ruby/bundle/ruby/2.6.6/gems/mangopay-3.0.32/lib/mangopay/http_calls.rb:13:in `create'
     # ./app/models/user.rb:709:in `block in mangopay_create_natural_user'

EDIT

This was the VCR that got recorded today when I faced this issue yet again:

- request:
    method: post
    uri: https://api.sandbox.mangopay.com/v2.01/<REDACTED>/wallets
    body:
      encoding: UTF-8
      string: '{"Owners":[83945627],"Description":"owner wallet for user eddy_leffler@sink.sendgrid.net","Currency":"EUR"}'
    headers:
      User-Agent:
      - MANGOPAY V2 RubyBindings/3.0.32
      Authorization:
      - bearer <REDACTED>
      Content-Type:
      - application/json
      X-Mangopay-Client-User-Agent:
      - '{"bindings_version":"3.0.32","lang":"ruby","lang_version":"2.6.6 p146 (2020-03-31)","platform":"x86_64-linux","uname":"Linux
        d76f32f75be0 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64 x86_64
        x86_64 GNU/Linux"}'
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
      Accept:
      - "*/*"
  response:
    status:
      code: 401
      message: Unauthorized
    headers:
      Date:
      - Mon, 13 Jul 2020 10:56:53 GMT
      Content-Type:
      - application/json; charset=utf-8
      Content-Length:
      - '175'
      Connection:
      - keep-alive
      Set-Cookie:
      - __cfduid=d9dc1d231712140d0c77d6bd88edd371e1594637813; expires=Wed, 12-Aug-20
        10:56:53 GMT; path=/; domain=.mangopay.com; HttpOnly; SameSite=Lax
      Cache-Control:
      - no-cache
      Pragma:
      - no-cache
      Expires:
      - "-1"
      Www-Authenticate:
      - Basic realm=MangopayAuthentication
      - Bearer
      - Bearer realm="MangopayAuthentication"
      Cf-Cache-Status:
      - DYNAMIC
      Cf-Request-Id:
      - 03e96b20630000da8246b0f200000001
      Expect-Ct:
      - max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Server:
      - cloudflare
      Cf-Ray:
      - 5b227ae09b5bda82-LIS
    body:
      encoding: UTF-8
      string: '{"Message":"The authorization credentials are not valid","Type":"invalid_credentials","Id":"a8e5bb05-5517-436f-af75-9da7212f1b75#1594637813","Date":1594637814.0,"errors":null}'
    http_version: null
  recorded_at: Mon, 13 Jul 2020 10:56:53 GMT

[jfloff]

I've updated the previous message with the VCR I recorded on my tests with this exact problem

[jfloff]

For future reference this is due to MGP oauth/token request. What happens is that on a first run VCR records the oauth/token request. But when you record new episodes at a later date (VCR=new_episodes) that token is expired, and since that token is replayed by VCR you get an unauthorized reply.

As a solution, either reply the whole spec or manually remove the token request from your VCR tape and record let VCR record new episodes (hence recording both the new token and the new request)