search

soundcloud / api

A public repo for our Developer Community to engage about bugs and feature requests on our Public API
151 stars 25 forks source link

400 Bad Request on /oauth/token #345

Open cvringer opened 1 day ago

cvringer commented 1 day ago

Title: 400 Bad Request on /oauth/token

Issue found of: Nov 29 2024

Endpoint(s):

Steps to reproduce:

Using Spring Webclient to access /oauth/token

WebClient client = WebClient.builder() .baseUrl(security_uri) .clientConnector(new ReactorClientHttpConnector(httpClient)) .build();

    return client.post()
            .uri("/oauth/token")
            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
            .accept(MediaType.APPLICATION_JSON)
            .body(BodyInserters.fromMultipartData("grant_type", "authorization_code")
                    .with("client_id", client_id)
                    .with("client_secret", client_secret)
                    .with("redirect_uri", callback_uri)
                    .with("code_verifier", pkce)
                    .with("code", code_from_auth))
            .retrieve()
            .bodyToMono(SoundcloudToken.class).block();
}

TRACELOG (MASKED): tracelog.pdf

Expected behaviour:

200 OK

Actual behaviour:

400 Bad Request (consistently)

tyctor commented 1 day ago

I can confirm this, we are uploading tracks via /tracks api from our django admin (radiopunctum), and this stopped working yesterday (Nov 28 2024). First approx. 12 hours response was 500 Internal Server error but now response status code is 400 and response body is empty. Headers seems similar to what is in your tracelog:

{
  'Content-Type': 'text/plain; charset=utf-8',
  'Content-Length': '1',
  'Connection': 'keep-alive',
  'x-content-type-options': 'nosniff',
  'date': 'Fri, 29 Nov 2024 20:32:02 GMT',
  'strict-transport-security': 'max-age=63072000; includeSubdomains; preload',
  'server': 'am/2', 
  'X-Cache': 'Error from cloudfront',
  'Via': '1.1 780489eb078b12b535ed56179d4e97fe.cloudfront.net (CloudFront)', 
  'X-Amz-Cf-Pop': 'VIE50-P1',
  'X-Amz-Cf-Id': 'V_36eiefG8FEHeVhHcjH9x5VLW9dTxYPYE8L4Iqj6-cayt1WVutRww=='
}

One difference is, that I can retrieve OAuth access token, but POST to /tracks is not working.

cvringer commented 12 hours ago

@tyctor so /oauth/token is still working for you?

tyctor commented 11 hours ago

yes, /oauth/token is working, POST /tracks is not working, I have checked it before one minute