cburnette
commented
8 years ago Yeah the problem would be that Box is returning a 400 error when it used to return a 401. I'm not sure what is causing that but that's the reason it's not refreshing. Are you ever able to get a 401? That's just odd that the error code would change. If we can confirm then I can easily update the gem but we should make sure we know why the change in error code first.
Chad
Sent from my iPhone
On Jun 14, 2016, at 10:33 AM, Jonathan Simmons notifications@github.com wrote:
Problem: The boxr client is returning Boxr::BoxrError: 400: {"error":"invalid_client","error_description":"The client credentials are invalid"} with known good credentials.
Stats: Rails: 5.0.0.rc1 Ruby: 2.3.0
Background: I've got a rails app that is using the devise gem for omniauth support for authentication with the "omniauth-box-oauth2" for the box strategy.
I'm able to authenticate a user, begin using their token with the boxr gem to manage the user resources on their behalf. That part all worked fine. Then after an undetermined period, maybe an hour, the token is invalidated. I was expecting the boxr gem, because I passed the refresh_token during initialization, to auto refresh the token for me.
Here is my client initialization code:
token_refresh_listener = lambda { |access, refresh, identifier| User.find(identifier).update_columns( token: access, refresh_token: refresh ) }
client = Boxr::Client.new( @user.access_token, refresh_token: @user.refresh_token, client_id: ENV["BOX_CLIENT_ID"], client_secret: ENV["BOX_CLIENT_SECRET"], identifier: @user.id, &token_refresh_listener ) This however is not happening. I was confused so I just tired to use a native rest client to make the refresh call for a new token. Sure enough, it worked fine. I got a response new access and refresh tokens.
Still cautious I went to the database updated the corresponding user and tried to use boxr gem again. BOOM it magically started working. It was odd that the boxr gem didn't auto refresh but I though maybe I did something wrong?
Then an hour later it stopped again. After looking through the boxr code for a good bit I noticed that the refresh code here was looking for a 401 but the error I was getting was a 400 invalid_client. So it wasn't even getting a chance to try to refresh the token because it thinks the client is invalid
To make sure I wasn't crazy I tried to just use the boxr gem directly to refresh the token like so:
Boxr::refresh_tokens(User.first.refresh_token, client_id: ENV["BOX_CLIENT_ID"], client_secret: ENV["BOX_CLIENT_SECRET"]) This again returned:
Boxr::BoxrError: 400: {"error":"invalid_client","error_description":"The client credentials are invalid"} confirming my suspicion that something wasn't right. The credentials aren't invalid though. They are the same creds I've been using the this time, and if I make a curl request or use some external request app to refresh the token and those creds it all works fine.
What am I missing?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
jonathansimmons
Problem: The boxr client is returning
Boxr::BoxrError: 400: {"error":"invalid_client","error_description":"The client credentials are invalid"}with known good credentials.Stats: Rails: 5.0.0.rc1 Ruby: 2.3.0
Background: I've got a rails app that is using the devise gem for omniauth support for authentication with the "omniauth-box-oauth2" for the box strategy.
I'm able to authenticate a user, begin using their token with the boxr gem to manage the user resources on their behalf. That part all worked fine. Then after an undetermined period, maybe an hour, the token is invalidated. I was expecting the boxr gem, because I passed the refresh_token during initialization, to auto refresh the token for me.
Here is my client initialization code:
This however is not happening. I was confused so I just tired to use a native rest client to make the refresh call for a new token. Sure enough, it worked fine. I got a response new access and refresh tokens.
Still cautious I went to the database updated the corresponding user and tried to use boxr gem again. BOOM it magically started working. It was odd that the boxr gem didn't auto refresh but I though maybe I did something wrong?
Then an hour later it stopped again. After looking through the boxr code for a good bit I noticed that the refresh code here was looking for a 401 but the error I was getting was a 400
invalid_client. So it wasn't even getting a chance to try to refresh the token because it thinks the client is invalidTo make sure I wasn't crazy I tried to just use the boxr gem directly to refresh the token like so:
This again returned:
confirming my suspicion that something wasn't right. The credentials aren't invalid though. They are the same creds I've been using the this time, and if I make a curl request or use some external request app to refresh the token and those creds it all works fine.
What am I missing?