search

not-an-aardvark / snoowrap

A JavaScript wrapper for the reddit API
MIT License
1.01k stars 125 forks source link

Clients created with 'fromApplicationOnlyAuth' fail requests with 400, 401 #349

Open iwinulose opened 2 years ago

iwinulose commented 2 years ago

The initial call to fromApplicationOnlyAuth succeeds, however the retrieved credentials appear to be invalid.

The initial access_token request seems to have changed to return both an access token and a refresh token, however the constructor does not expect to receive a refresh duration. The next attempt to call any API will trigger a refresh (as to the client it appears the access token is no longer valid.) The refresh fails w/ 400. Unfortunately, patching to fix this issue does not help, as any request made using the supposedly valid auth token is failed with 401.

As a workaround, clients created with the 'permanent: false' parameter work correctly.

iMrDJAi commented 2 years ago

I think I fixed this bug, check this commit: https://github.com/not-an-aardvark/snoowrap/pull/338/commits/ebd3ab1c0d0a4b321657d0b0b90a61b56cbffe4e

  • 🐛 Fixed a bug with snoowrap#fromAuthCode and snoowrap#fromApplicationOnlyAuth when they don't set the values of requester.tokenExpiration and requester.scope after a successful authentication which causes the access token to refresh again for no reason '-' .
iMrDJAi commented 2 years ago

Update: Application Only OAuth is broken!

image

oakleyaidan21 commented 2 years ago

Any update on this? Setting permanent to false does not throw an error but it's not ideal.

iMrDJAi commented 2 years ago

@oakleyaidan21 permanent is not supported anymore. What's the current behavior of snoowrap when setting permanent to false?

oakleyaidan21 commented 2 years ago

@iMrDJAi when I set permanent to false it behaves as @iwinulose described -- there is no API error and the snoowrap object can be used (albeit for only an hour). When I set it to true or omit it I get this error: API Error: invalid_grant - undefined. The snoowrap version I'm using is 1.23.0.

iMrDJAi commented 2 years ago

@oakleyaidan21 Right! just wanted to be sure.

snoowrap#fromApplicationOnlyAuth with permanent set to false only passes an access token to the returned snoowrap instance, and snoowrap v1.23.0 can only refresh the access token when a refresh token is present (in this case there is none), and currently, there is no particular way to obtain a new application-only access token automatically.

However, I fixed that in the upcoming snoowrap v2.0. Work in progress...