[GH-ISSUE #358] prompt_for_token returns error if token refresh fails #109

Closed
opened 2026-02-27 20:23:10 +03:00 by kerem · 2 comments
Owner

Originally created by @jacobmichels on GitHub (Aug 14, 2022).
Original GitHub issue: https://github.com/ramsayleung/rspotify/issues/358

Describe the bug
Using the AuthCodePkceSpotify client with token cache enabled, if the cached refresh token expires or is invalid, prompt_for_token returns an error http error: status code 400 Bad Request instead of opening the browser to get a new access/refresh token pair. To work around this I've had to delete the token cache and re-run prompt_for_token:

let url = self.client.get_authorize_url(None)?;
let response = self.client.prompt_for_token(&url).await;
if response.is_err() {
    fs::remove_file(&self.client.config.cache_path)?;
    self.client.prompt_for_token(&url).await?;
}

To Reproduce
Steps to reproduce the behavior:

Using an AuthCodePkceSpotify client configured with token_cache and token_refreshing enabled:

  1. Get credentials cached by calling prompt_for_token and following the instructions
  2. Open the json cache file, change the expiration timestamp to a time in the past, and change the refresh token so it's in a valid format but is not a valid token.
  3. Call prompt_for_token on the client and observe the returned error instead of the expected behavior of re-prompting the user for the redirect URI

Expected behavior
As the method description states, I expect prompt_for_token to open the web browser and re-prompt the user for the redirect URI

Log/Output data

[2022-08-14T19:44:03Z INFO  rspotify::auth_code_pkce] Building auth URL
[2022-08-14T19:44:03Z INFO  rspotify::auth_code_pkce] Generating PKCE codes
[2022-08-14T19:44:03Z INFO  rspotify::clients::oauth] Reading auth token cache
[2022-08-14T19:44:03Z INFO  rspotify_http::reqwest] Making request RequestBuilder { method: POST, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("accounts.spotify.com")), port: None, path: "/api/token", query: None, fragment: None }, headers: {"content-type": "application/x-www-form-urlencoded"} }
Error: http error: status code 400 Bad Request

Additional context
I'm unsure if this issue happens with any other auth clients, I've only used the PKCE flow. Happy to provide more info or an example program showcasing the issue.

Originally created by @jacobmichels on GitHub (Aug 14, 2022). Original GitHub issue: https://github.com/ramsayleung/rspotify/issues/358 **Describe the bug** Using the `AuthCodePkceSpotify` client with token cache enabled, if the cached refresh token expires or is invalid, prompt_for_token returns an error `http error: status code 400 Bad Request` instead of opening the browser to get a new access/refresh token pair. To work around this I've had to delete the token cache and re-run prompt_for_token: ``` let url = self.client.get_authorize_url(None)?; let response = self.client.prompt_for_token(&url).await; if response.is_err() { fs::remove_file(&self.client.config.cache_path)?; self.client.prompt_for_token(&url).await?; } ``` **To Reproduce** Steps to reproduce the behavior: Using an `AuthCodePkceSpotify` client configured with `token_cache` and `token_refreshing` enabled: 1. Get credentials cached by calling `prompt_for_token` and following the instructions 2. Open the json cache file, change the expiration timestamp to a time in the past, and change the refresh token so it's in a valid format but is not a valid token. 3. Call `prompt_for_token` on the client and observe the returned error instead of the expected behavior of re-prompting the user for the redirect URI **Expected behavior** As the method description states, I expect prompt_for_token to open the web browser and re-prompt the user for the redirect URI **Log/Output data** ``` [2022-08-14T19:44:03Z INFO rspotify::auth_code_pkce] Building auth URL [2022-08-14T19:44:03Z INFO rspotify::auth_code_pkce] Generating PKCE codes [2022-08-14T19:44:03Z INFO rspotify::clients::oauth] Reading auth token cache [2022-08-14T19:44:03Z INFO rspotify_http::reqwest] Making request RequestBuilder { method: POST, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("accounts.spotify.com")), port: None, path: "/api/token", query: None, fragment: None }, headers: {"content-type": "application/x-www-form-urlencoded"} } Error: http error: status code 400 Bad Request ``` **Additional context** I'm unsure if this issue happens with any other auth clients, I've only used the PKCE flow. Happy to provide more info or an example program showcasing the issue.
kerem 2026-02-27 20:23:10 +03:00
Author
Owner

@ramsayleung commented on GitHub (Sep 2, 2022):

Hi @jacobmichels, thanks for your report, I think it's an issue that we need to fix, the prompt_for_token doesn't handle the exception case well.

To work around this I've had to delete the token cache and re-run prompt_for_token:

prompt_for_token should handle it more elegantly, just refetch the token and the update the cache.

github.com/ramsayleung/rspotify@2aca7c67ff/src/clients/oauth.rs (L156)

<!-- gh-comment-id:1235269562 --> @ramsayleung commented on GitHub (Sep 2, 2022): Hi @jacobmichels, thanks for your report, I think it's an issue that we need to fix, the `prompt_for_token ` doesn't handle the exception case well. > To work around this I've had to delete the token cache and re-run prompt_for_token: `prompt_for_token` should handle it more elegantly, just refetch the token and the update the cache. https://github.com/ramsayleung/rspotify/blob/2aca7c67ff94da3ffc3fb346d93b7c9ebc911cc3/src/clients/oauth.rs#L156
Author
Owner

@github-actions[bot] commented on GitHub (Jun 24, 2023):

Message to comment on stale issues. If none provided, will not mark issues stale

<!-- gh-comment-id:1605241326 --> @github-actions[bot] commented on GitHub (Jun 24, 2023): Message to comment on stale issues. If none provided, will not mark issues stale
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/rspotify#109
No description provided.