[Rest] OAuth2 bearer tokens and refresh of tokens #3165

Open
Fleny113 opened this issue Oct 28, 2023 · 2 comments · May be fixed by #3185
Labels
pkg-rest Affects the rest package w-pending This depends on a different Issue/PR being resolved w-verified This had been verified

@Fleny113
Contributor

Describe the bug:
Given a Bearer token obtained after a code exchange with Discord, the token gets used to do requests and discordeno creates queues mapped in the restManager.queues with the following key: Bearer <token here>/<url here> [1]. The problem is that when the access token gets refreshed (even if it's before it expires) the token changes but the ratelimit is still the same. Also, the old queue that was created might still have pending requests to send, but since refreshing a token implies invalidating the old one, the pending requests will fail with a 401 & Unauthorized error, and if a new request gets sent before the ratelimit for an endpoint is refreshed [2] it will fail with a 429 & Too many requests.

To Reproduce:

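import { createRestManager } from "@discordeno/rest";

// The bot token gets its own name so it does not clash with the OAuth2 token below.
const botToken = "<bot token>";
const secret = "<client secret for the OAuth2 exchange>";
const id = "<your bot id>";
const code = "<the code given by an oauth2 code exchange flow>";

const manager = createRestManager({
    token: botToken,
});

// Exchange the authorization code for an access token and a refresh token.
let token = await manager.exchangeToken(id, secret, {
    grantType: "authorization_code",
    redirectUri: "<redirect url of the application>",
    code,
});

// First request: creates a queue keyed by the current access token.
await manager.getGuilds(token.accessToken);

// Refresh the token; the previous access token is invalidated.
token = await manager.exchangeToken(id, secret, {
    grantType: "refresh_token",
    refreshToken: token.refreshToken,
    accessToken: token.accessToken,
});

// Same endpoint with the new access token: a new queue key, but the same ratelimit.
await manager.getGuilds(token.accessToken);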

Expected behavior:
There shouldn't be an Invalid request performed for 429 & Too many requests

Screenshots:
image
The censored lines in the log are an input for the code to exchange

Version details:

Discordeno version: v19 dev, commit eec292728571d60bfe04c87260279d969a328be2

Footnotes

  1. The / is in fact part of the url; it is explicit in order to separate the token and url

  2. For example: if a token is used to do a request on /users/@me/guilds and then the token refreshes and another request is sent to that same url, it will fail
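
The queue-key behaviour described in this issue, as an added TypeScript sketch that is not discordeno's code and is not taken from the linked PR. `QueueTable`, `Bucket` and `rekey` are hypothetical names; `rekey` is one possible way to carry rate-limit state and pending requests over to the refreshed token.

```typescript
// Added illustration, not discordeno's code; every name below is hypothetical.
interface Bucket {
  remaining: number; // requests left in the current rate-limit window
  resetAt: number;   // time (ms) at which the window resets
  pending: string[]; // labels of requests still waiting in this queue
}

class QueueTable {
  private queues = new Map<string, Bucket>();

  // Key shape from the issue: "Bearer <token>" followed by the URL,
  // whose leading "/" separates the two parts.
  private key(token: string, url: string): string {
    return "Bearer " + token + url;
  }

  record(token: string, url: string, bucket: Bucket): void {
    this.queues.set(this.key(token, url), bucket);
  }

  // True when the limiter sees no reason to hold the request back.
  canSend(token: string, url: string, now: number): boolean {
    const b = this.queues.get(this.key(token, url));
    return b === undefined || b.remaining > 0 || now >= b.resetAt;
  }

  pendingFor(token: string, url: string): string[] {
    const b = this.queues.get(this.key(token, url));
    return b === undefined ? [] : b.pending;
  }

  // On refresh, move every queue of the old token under the new one so the
  // rate-limit state and pending requests follow the user, not the
  // invalidated token. Returns the number of queues moved.
  rekey(oldToken: string, newToken: string): number {
    const oldPrefix = "Bearer " + oldToken + "/";
    const moved: Array<[string, Bucket]> = [];
    this.queues.forEach((bucket, key) => {
      if (key.indexOf(oldPrefix) === 0) moved.push([key, bucket]);
    });
    moved.forEach(([key, bucket]) => {
      this.queues.delete(key);
      const url = key.slice(oldPrefix.length - 1); // keep the leading "/"
      this.queues.set(this.key(newToken, url), bucket);
    });
    return moved.length;
  }
}
```

Without the `rekey` call, a lookup under the refreshed token finds no bucket, so the limiter lets the request through even though the endpoint's window is exhausted.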


This issue has gone stale for over a month. If this issue is useful, leave a comment below. Otherwise, it will be closed shortly.

@Fleny113
Contributor Author

bump. this still requires merging of the attached pr

@AwesomeStickz AwesomeStickz added pkg-rest Affects the rest package w-verified This had been verified w-pending This depends on a different Issue/PR being resolved and removed w-unverified This has not been verified labels Feb 12, 2024