sirkris / Reddit.NET

A Reddit API library for .NET Standard with OAuth support. Written in C#.
MIT License

403 (Forbidden) despite valid Client ID, Secret and Refresh Token #185

Open janssen-io opened 4 months ago

janssen-io commented 4 months ago

For a couple of years now, I have had a bot running smoothly thanks to this library. Unfortunately, for a few days now I have been seeing 403 - Forbidden errors.

When troubleshooting using Fiddler, I found out that the token refresh in Reddit.Models.Internals.Request is never being hit. My hunch is that Reddit used to respond with 401 - Unauthorized and changed this. Now the conditional on line 174 is no longer true and thus the Access Token stays null.

When I change the conditional to include || res.StatusCode == HttpStatusCode.Forbidden, the app works as expected again. :)

        private IRestResponse GetResponse(IRestResponse res, ref RestRequest restRequest)
        {
            int serviceRetry = 3;
            do
            {
                int retry = 5;
                while ((res == null || !res.IsSuccessful)
                        && (RefreshToken != null || DeviceId != null)
                        && (res.StatusCode == HttpStatusCode.Unauthorized  // This is returned if the access token needs to be refreshed or wasn't provided.  --Kris
                            || res.StatusCode == HttpStatusCode.Forbidden  // <--- Since 2024-07 it seems that Reddit returns Forbidden instead of Unauthorized when no token is present. --janssen-io (Stan)
                            || res.StatusCode == HttpStatusCode.InternalServerError  // On rare occasion, a valid request will return a status code of 500, particularly if under heavy load.  --Kris
                            || res.StatusCode == 0)  // On rare occasion, a valid request will return a status code of 0, particularly if under heavy load.  --Kris
                        && retry > 0)
                {
                     // ...

thedarklort commented 4 months ago

Thank you,

I had that problem too for like a month: sometimes when I tried to restart my bot, it just instantly threw that 403. It usually fixed itself after some time.

But this little change worked perfectly.

janssen-io commented 4 months ago

I created a fork where I fixed this, but because I'm not entirely sure this is fixing the root cause rather than a symptom, I didn't open a PR yet. For anyone else in need of this fix, there's a DLL in the Releases of the fork as well.

I then simply replace the DLL before I deploy my bot: https://github.com/janssen-io/ReviewBot/blob/9ade9d9f3c308001baf5ec208fcbc6e79950a384/.github/workflows/deploy.yml#L43-L46

    - name: Patch Reddit.NET
      shell: bash
      run: |
        wget -O "$RELEASE_DIR/Reddit.NET.dll" https://github.com/janssen-io/sirkis-Reddit.NET/releases/latest/download/Reddit.NET.dll
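
The deploy step above fetches whatever "latest" points to and places it in the release directory unchecked. As an added example (not part of the thread or of either repository), this helper installs the DLL only when its SHA-256 matches a digest pinned in the workflow; install_verified, sha256_of, <TAG> and <SHA256> are hypothetical names and placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): install a downloaded DLL only when its
# SHA-256 matches a digest pinned in the workflow.

# Print the lowercase hex SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified <downloaded-file> <expected-sha256> <destination>
# Returns 0 and moves the file into place only on a digest match.
# Returns 1 on a mismatch (download deleted, destination untouched) and
# 2 when the download is missing or the pinned digest is malformed.
install_verified() {
    local src="$1" dest="$3" expected actual
    [ -f "$src" ] || { echo "download missing: $src" >&2; return 2; }
    # Accept the pinned digest in either letter case.
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    # An empty or truncated pin must never compare equal to anything.
    if [ "${#expected}" -ne 64 ] || printf '%s' "$expected" | grep -q '[^0-9a-f]'; then
        echo "pinned digest is not 64 hex characters" >&2
        return 2
    fi
    actual="$(sha256_of "$src")"
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $src: got $actual, pinned $expected" >&2
        rm -f "$src"
        return 1
    fi
    mv -f "$src" "$dest"
}

# Use in the deploy step. <TAG> and <SHA256> are placeholders for a release you
# have reviewed; a fixed tag (not "latest") keeps the pinned digest meaningful.
#   tmp="$(mktemp)"
#   wget -O "$tmp" "https://github.com/janssen-io/sirkis-Reddit.NET/releases/download/<TAG>/Reddit.NET.dll"
#   install_verified "$tmp" "<SHA256>" "$RELEASE_DIR/Reddit.NET.dll"
```

A non-zero return fails the workflow step under the default bash settings in GitHub Actions, so a changed or tampered asset stops the deploy instead of shipping.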

origine999 commented 4 months ago

I figured that was the cause, thanks for the fix! Probably a good fix would be to fetch the access token when there is none cached, instead of relying on Reddit to return 401.

p-julien commented 4 months ago

Thank you for the fix!

cultpodcasts commented 4 months ago

Awesome work! This fixes it for me. Thank you for making a fix available. Looking forward to a long-term fix.

sirkris commented 4 months ago

> My hunch is that Reddit used to respond with 401 - Unauthorized and changed this.

Your hunch is correct. I really wish Reddit would notify SDK maintainers when they make BC-breaking changes like this. :/

Anyway, I'll put out a hotfix for this soon. Thanks for the heads-up!

fluxion-dev commented 3 months ago

> > My hunch is that Reddit used to respond with 401 - Unauthorized and changed this.
>
> Your hunch is correct. I really wish Reddit would notify SDK maintainers when they make BC-breaking changes like this. :/
>
> Anyway, I'll put out a hotfix for this soon. Thanks for the heads-up!

When can we expect a fix?