Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Requests don't pick up new OAuth 2.0 token #7880

Open
1 task done
benyaa opened this issue Aug 28, 2024 · 9 comments
Open
1 task done

Requests don't pick up new OAuth 2.0 token #7880

benyaa opened this issue Aug 28, 2024 · 9 comments
Labels
B-bug Bug: general classification S-unverified Status: Unverified by maintainer

Comments

@benyaa
Copy link

benyaa commented Aug 28, 2024

Expected Behavior

That if I generate a new token, all child requests will use new token.

Actual Behavior

When I change environment, I clear the token, generate a new one and it still uses the old token meant for a different environment.

Reproduction Steps

  1. Create a folder with OAuth 2.0 auth
  2. create a child request with Inherit from parent auth
  3. generate a new OAuth 2.0 token in folder
  4. send child request
  5. change environment
  6. clear token
  7. generate new token
  8. send child request again
  9. seems like child request is using the token of old env instead of using the new generated token

Is there an existing issue for this?

Additional Information

it seems that if I duplicate the request and the duplication uses the new token

Insomnia Version

9.3.3

What operating system are you using?

Ubuntu

Operating System Version

Ubuntu Cinnamon noble 24.04 x86_64

Installation method

AppImage

Last Known Working Insomnia version

No response

@benyaa benyaa added B-bug Bug: general classification S-unverified Status: Unverified by maintainer labels Aug 28, 2024
@cwangsmv
Copy link
Contributor

@benyaa you can enable Filter responses by environment in Preferences
Screenshot 2024-08-07 at 18 13 33

After enable this option, when you change the env, we will find the response matching your current environment

@benyaa
Copy link
Author

benyaa commented Aug 29, 2024

@benyaa you can enable Filter responses by environment in Preferences Screenshot 2024-08-07 at 18 13 33

After enable this option, when you change the env, we will find the response matching your current environment

not sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I view the sent auth token what I see is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using Inherit from parent.

@cwangsmv
Copy link
Contributor

@benyaa you can enable Filter responses by environment in Preferences Screenshot 2024-08-07 at 18 13 33
After enable this option, when you change the env, we will find the response matching your current environment

not sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using Inherit from parent.

Does your environment includes OAuth info?
If not, does it mean that you manually change the oauth token in folder Auth and send child requests after switch env, it still use the old oauth token?
If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.

@benyaa
Copy link
Author

benyaa commented Aug 29, 2024

@benyaa you can enable Filter responses by environment in Preferences Screenshot 2024-08-07 at 18 13 33
After enable this option, when you change the env, we will find the response matching your current environment

not sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using Inherit from parent.

Does your environment includes OAuth info? If not, does it mean that you manually change the oauth token in folder Auth and send child requests after switch env, it still use the old oauth token? If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.

My env includes the OAuth 2 info that is used to generate the token.
So what happens is: I generate a new token -> if I create a new request it uses this new token, but if I run an already existing request - it uses the old token(generated by the previous env's oauth info.
image

Nothing in the auth tab.

@cwangsmv
Copy link
Contributor

@benyaa you can enable Filter responses by environment in Preferences Screenshot 2024-08-07 at 18 13 33
After enable this option, when you change the env, we will find the response matching your current environment

not sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using Inherit from parent.

Does your environment includes OAuth info? If not, does it mean that you manually change the oauth token in folder Auth and send child requests after switch env, it still use the old oauth token? If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.

My env includes the OAuth 2 info that is used to generate the token. So what happens is: I generate a new token -> if I create a new request it uses this new token, but if I run an already existing request - it uses the old token(generated by the previous env's oauth info. image

Nothing in the auth tab.

Since you're using Inherit from parent, can I see the auth tab of folder which contains your request.

@benyaa
Copy link
Author

benyaa commented Aug 29, 2024

@benyaa you can enable Filter responses by environment in Preferences Screenshot 2024-08-07 at 18 13 33
After enable this option, when you change the env, we will find the response matching your current environment

not sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using Inherit from parent.

Does your environment includes OAuth info? If not, does it mean that you manually change the oauth token in folder Auth and send child requests after switch env, it still use the old oauth token? If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.

My env includes the OAuth 2 info that is used to generate the token. So what happens is: I generate a new token -> if I create a new request it uses this new token, but if I run an already existing request - it uses the old token(generated by the previous env's oauth info. image
Nothing in the auth tab.

Since you're using Inherit from parent, can I see the auth tab of folder which contains your request.

image

@Grillpfanne
Copy link

I have the same problem and it doesn't require an env change.
It is enough to change the user and get a new token in the parent folder. This is not picked up by child requests where a request was made (one requirement maybe that the old token from the old user is still valid).

Repro:

  • Get token for user1 in parent folder via OAuth 2.0.
    image

  • Send request in child with "Inherit from parent"
    image

  • This steps seems to copy the token into the child request itself

  • Go to the parent folder, clear Oauth2 session and clear tokens, change user1 to user2, login and fetch new tokens

  • Go to child request, send again => it still uses token of user1.

  • If I switch to Oauth 2.0 in child request, I see that there is the old user1 token still stored (although the Oauth2 settings are missing, I guess these aren't copied to the child request)
    image

  • If I now manually clear the tokens in child request, switch back to "Inherit from parent", and send the request again, the user2 token will be picked up again.

I see the same behaviour when just deleting the token in parent folder: this will not clear the token from child request (even though "Inherit from parent" is selected) and child requests continue to use the token that should have been cleared.

Just switched to Insomnia 10.0.0 via Snap to test it.
image

Also tested it with multiple requests, problem seems to always be that tokens are copied to child request, but then never deleted or updated.
Start in a clear state (so no stored tokens for all requests), then login user1, send request1, login user2, send request2, login user3, send request3 => now all three requests use different tokens despite all of them having "Inherit from parent" selected and parent having user3 token configured.

We wanted to switch over to Insomnia from Postman, but this is a breaking bug for us.
It is also a very very dangerous bug, never knowing which credentials you are using when sending requests renders Insomnia completely useless for us.
Not sure if I am missing some setting or doing something dumb, but being confident I know what the software does when I click "Send request" is literally the number 1 priority for me.

@costyn
Copy link

costyn commented Sep 27, 2024

I encountered this bug today as well. Let me know if I can do anything.

@vivaladan
Copy link

vivaladan commented Nov 8, 2024

+1 Still an issue. My nasty work around is to duplicate the request and delete the old one. However the bug itself has led me on a wild goose chase a few times before I realised it wasn't getting the latest token.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
B-bug Bug: general classification S-unverified Status: Unverified by maintainer
Projects
None yet
Development

No branches or pull requests

5 participants