minimul / qbo_api

Ruby JSON-only client for QuickBooks Online API v3. Built on top of the Faraday gem.
MIT License

401 Unauthorized issues after upgrade to qbo_api 3.0 #119

Closed saboter closed 1 year ago

saboter commented 1 year ago

Hi everybody,

I was closely following your efforts on the recent Faraday upgrade related PR (https://github.com/minimul/qbo_api/pull/118) and rushed to test the new version.

Unfortunately, after the upgrade my QBO integration stopped working. I am receiving the same exception as in this old closed issue:

https://github.com/minimul/qbo_api/issues/84

    QboApi::Unauthorized: [{:fault_type=>"AuthenticationFault", :error_code=>"100", :error_message=>"General Authentication Error", :error_detail=>"AuthenticationErrorGeneral: SRV-110-Authentication Failure , statusCode: 401"}]

Tokens are good, they were tested with this snippet:

    access_token="put the access token in these quotes"
    realm_id="put the company id in these quotes"
    curl -X GET "https://sandbox-quickbooks.api.intuit.com/v3/company/${realm_id}/companyinfo/${realm_id}" \
      -H "Accept: application/json" \
      -H "Content-Type: application/json;charset=UTF-8" \
      -H "User-Agent: virtuexru  test" \
      -H "Authorization: Bearer ${access_token}"

Gems:

    oauth2 = 2.0.9
    faraday = 2.7.2

Is the new version working for you also in your production usage? @bf4 @mculp @minimul

Thank you.

minimul commented 1 year ago

@saboter Thanks for reporting.

No, I am still using v2 in production.

@bf4 / @mculp Are you all running v3 in production?

mculp commented 1 year ago

@minimul Not yet. Should probably re-record the VCRs and see what's not matching up. Do the cassettes match on the Authorization header?

I'm actually about to catch a flight on vacation so I don't think I will be able to dig into this much for a few days.

saboter commented 1 year ago

@minimul @bf4

It seems the problem is in the parameter usage in this method (https://github.com/minimul/qbo_api/blob/master/lib/qbo_api/connection.rb):

    # Faraday 2 deprecated the FaradayMiddleware gem. Middleware is
    # now part of Faraday itself, and :authorization can be used to pass
    # the Bearer token.
    def add_authorization_middleware(conn)
      conn.request :authorization, access_token, token_type: 'bearer'
    end

After adjusting it according to Faraday docs (https://github.com/lostisland/faraday/blob/main/docs/middleware/request/authentication.md) it started to work:

    def add_authorization_middleware(conn)
      conn.request :authorization, 'Bearer', access_token
    end

Mocked specs have most probably some blind spot for this type of bug.
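
The diagnosis above is that the mocked specs never inspected the header the client actually sent. As an added example (not part of this thread, qbo_api or Faraday), this stand-alone Ruby check takes an `Authorization` value captured from an outgoing request in a spec and reports why it is not a valid RFC 6750 Bearer credential. `bearer_header_problems`, `redact` and all sample values are hypothetical; the malformed samples are constructed, not recorded from Faraday.

```ruby
# Added example, not qbo_api or Faraday code. All names are hypothetical.
# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = %r{\A[A-Za-z0-9\-._~+/]+=*\z}

# Constructed sample values (not real credentials).
TOKEN = 'eyJlbmMiOiJBMTI4.constructed-sample_token'
SAMPLES = {
  correct: "Bearer #{TOKEN}",
  token_as_scheme: "#{TOKEN} {:token_type=>\"bearer\"}",
  missing_scheme: TOKEN
}.freeze

# Mask a credential so spec failure output never contains a usable token.
def redact(value)
  s = value.to_s
  s.length <= 8 ? '[redacted]' : "#{s[0, 4]}...[redacted, #{s.length} chars]"
end

# Returns a list of problems; an empty list means the header is well formed
# and carries the expected token.
def bearer_header_problems(header, expected_token)
  return ['Authorization header is missing'] if header.nil? || header.empty?

  scheme, credentials = header.split(/ +/, 2)
  problems = []
  if credentials.nil?
    problems << 'no credentials after the auth scheme'
  elsif !credentials.match?(B64TOKEN)
    problems << "credentials are not a b64token: #{redact(credentials)}"
  elsif credentials != expected_token
    problems << 'credentials do not match the configured access token'
  end
  unless scheme.casecmp?('Bearer')
    found = scheme == expected_token ? 'the access token itself' : redact(scheme)
    problems << "auth scheme is #{found}, expected Bearer"
  end
  problems
end

SAMPLES.each do |name, header|
  puts "#{name}: #{bearer_header_problems(header, TOKEN).inspect}"
end
```

A spec that asserts the returned list is empty fails on a malformed header without printing the token in CI logs.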

saboter commented 1 year ago

The reason the specs pass could also be the use of an old Faraday version.

Gemspec allows it:

    spec.add_runtime_dependency 'faraday', '>= 1.10.0'

minimul commented 1 year ago

@saboter Good find.

Tell you what, put together a PR for the change you discovered and I'll merge and release it as 3.0.1. Don't worry about the specs passing at the moment.

saboter commented 1 year ago

Done.

Did not run specs and did not touch gemspec.

minimul commented 1 year ago

Update: PR #120 has been merged and released as version 3.0.1.

saboter commented 1 year ago

All good now.