Client Credentials broken in 5.0.0-rc.1 #217
Comments
|
There also seem to be some missing pieces in |
|
hey @shrihari-prakash can you help to trace this issue further down to some part of the actual code? It's hard to "debug" this with a black-box setup as I can't trace the internal code-flow (which is of course wanted with authz setup 💯 ) Either there is a part, that causes a wrong token to be created or a part where a correctly created token is unexpectedly compared to some wrong token or there is a structural mismatch, like comparing a string to an object. From what I read there may be multiple places that can cause this:
Can you run this with the debugger and or place some console traces to actually find at which place exactly the program causes this? |
|
Addition: please also make sure there is no unintended multiple request causing the codes to be revoked (see https://datatracker.ietf.org/doc/html/rfc6749.html#section-4.1.2) |
|
Hello @jankapunkt , Sure, let me trace it down. Probably sometime today. I wanted to register the issues first so I don't lose to report them. Maybe in future I will make a minimal example of this framework so that I can submit future issues with a good code sample, but for now if you would want to explore, the codebase of the hosted API is here: https://github.com/shrihari-prakash/liquid. (Don't worry, I will be parallelly working on finding the root cause) As of making unintended multiple requests, this system has been tested for several scenarios with 4.x. So something new in 5.0.0 causing this. |
|
@jankapunkt , getUserFromClient is not being awaited in client credentials grant. I opened a PR to await it. Can you review #218? This will solve the scope issue. |
|
@jankapunkt , this seems to have resolved the other issue also 🙂 |
|
@shrihari-prakash FYI - please note the following issue #219 |
jankapunkt
added
bug 🐛
|
@jankapunkt what is the plan to release RC2? This would help to test the new changes and identify any other regressions that might be in 5.X. |
|
Yes, RC.2 is going public the next hour |
|
Just an update. It's been 5 days since the upgrade of rc2 and so far, there are no new regressions in my applications that use this library. Can confirm that client credentials, auth code, refresh token are all working as intended.👍🏻 |
|
Hi @shrihari-prakash thanks for the testing! I currently work on #224 to cover potential similar cases and I hope to push coverage close to 100% so we can mitigate these kinds of issues in the future :-) |
Specify your setup
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
client_credentials.OAuthServer.server.authenticate.invalid_token: Invalid token: access token is invalid.Alternatively, please add a link to a GitHub repo
that reproduces the error/s.
It is possible to do a quick check in a dev deployment of my project: https://liquid-pe2r.onrender.com (It is very slow on the first request, so give it a minute to load, and then do the API call).
You should see an unauthorized.
Expected behavior
The server should accept the valid token.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
The problem seems to be due to a different token passed to
getAccessTokenfunction in the model than the one that was returned by authorize function..The text was updated successfully, but these errors were encountered: