yagamiapp / web

The web-facing interface to Yagami
https://yagami.app

Fix osu!web API tokens can't be refreshed #15

Closed JPW03 closed 1 year ago

JPW03 commented 1 year ago

The refresh token code is in src/hooks.server.ts/handleFetch().

Currently, expired tokens can't be refreshed. The API is queried according to the documentation with the following URL, params and headers:

```ts
const refreshURL = new URL('https://osu.ppy.sh/oauth/token');
refreshURL.searchParams.append('client_id', PUBLIC_OSU_CLIENT_ID);
refreshURL.searchParams.append('client_secret', OSU_CLIENT_SECRET);
refreshURL.searchParams.append('grant_type', 'refresh_token');
refreshURL.searchParams.append('refresh_token', OsuToken.refresh_token);
const refreshHeaders = {
    'Content-Type': 'application/x-www-form-urlencoded',
    Accept: 'application/json'
};
```

When fetching this URL with the headers in a POST request, it returns:

```
{
    error: 'unsupported_grant_type',
    error_description: 'The authorization grant type is not supported by the authorization server.',
    hint: 'Check that all required parameters have been provided',
    message: 'The authorization grant type is not supported by the authorization server.'
}
```

Signing up for a team in a tournament and searching for players to invite is an easy way to manually test this. Requests made by unexpired tokens work fine. Logging out and logging back in again creates a new token so it does temporarily fix this issue.
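An added example, not code from this repository or from the thread: RFC 6749 section 6 places the refresh parameters in the form-encoded request body, so one possible cause of the `unsupported_grant_type` response above is that the parameters were sent only in the query string. The sketch below contrasts the two request shapes against a constructed stand-in endpoint; that osu!web reads grant parameters only from the body is an assumption, and all function names and sample values are hypothetical.

```typescript
// Added example. TOKEN_URL and the four parameter names come from the issue;
// every function name and sample value below is hypothetical/constructed.
const TOKEN_URL = 'https://osu.ppy.sh/oauth/token';
const HEADERS = { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' };

interface TokenRequest {
    url: string;
    init: { method: 'POST'; headers: Record<string, string>; body: string };
}

function refreshParams(clientId: string, clientSecret: string, refreshToken: string): URLSearchParams {
    return new URLSearchParams({
        client_id: clientId,
        client_secret: clientSecret,
        grant_type: 'refresh_token',
        refresh_token: refreshToken
    });
}

// Shape used in the issue: parameters appended to the URL, empty body.
function buildQueryStringRequest(id: string, secret: string, token: string): TokenRequest {
    const url = new URL(TOKEN_URL);
    refreshParams(id, secret, token).forEach((value, key) => url.searchParams.append(key, value));
    return { url: url.toString(), init: { method: 'POST', headers: HEADERS, body: '' } };
}

// RFC 6749 section 6 shape: same parameters, form-encoded in the request body.
function buildBodyRequest(id: string, secret: string, token: string): TokenRequest {
    const body = refreshParams(id, secret, token).toString();
    return { url: TOKEN_URL, init: { method: 'POST', headers: HEADERS, body } };
}

// Constructed stand-in for a token endpoint that reads grant parameters only
// from the body (the assumption stated in the lead-in); it never sees the URL.
function simulateTokenEndpoint(req: TokenRequest): { status: number; error?: string } {
    const form = new URLSearchParams(req.init.body);
    if (form.get('grant_type') !== 'refresh_token') return { status: 400, error: 'unsupported_grant_type' };
    const required = ['client_id', 'client_secret', 'refresh_token'];
    if (required.some((key) => !form.get(key))) return { status: 400, error: 'invalid_request' };
    return { status: 200 };
}

// True when credentials would end up in the URL, and so in proxy and access logs.
function secretsInUrl(req: TokenRequest): boolean {
    const query = new URL(req.url).searchParams;
    return query.has('client_secret') || query.has('refresh_token');
}
```

In a real hook the result would be passed on as `fetch(req.url, req.init)`; keeping `client_secret` and `refresh_token` out of the URL also keeps them out of request logs.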

JPW03 commented 1 year ago

I should have also specified that logging out and logging back in again only fixes it if you remove the OsuOauth entry for that user.

clxxiii commented 1 year ago

> Currently, expired tokens can't be refreshed.

I don't know what you mean by this, and I can't exactly tell what you intend for the bug fix on my end to be. The point of a refresh token is to refresh an expired token, as is implied in the documentation:

> Access token expires after some time as per expires_in field. Refresh the token to get new access token without going through authorization process again.

If the issue is that it's not working as to what the documentation says, then that is not a bug report for me, that's a bug report for the osu-web repository.

JPW03 commented 1 year ago

I meant to refresh expired access tokens using its refresh token, so I mean exactly what you meant by "refresh an expired token".

It could be an issue with osu!web's documentation but I thought it's worth double checking if it's my fault first.

clxxiii commented 1 year ago

I believe there is a working token refresher on the bot side of things. It should be handled already, but if you want to move it over here you can reference that code.

(I'd link it but I'm on mobile)