Requests don't pick up new OAuth 2.0 token
benyaa opened this issue · comments
Expected Behavior
That if I generate a new token, all child requests will use new token.
Actual Behavior
When I change environment, I clear the token, generate a new one and it still uses the old token meant for a different environment.
Reproduction Steps
- Create a folder with
OAuth 2.0
auth - create a child request with
Inherit from parent
auth - generate a new OAuth 2.0 token in folder
- send child request
- change environment
- clear token
- generate new token
- send child request again
- seems like child request is using the token of old env instead of using the new generated token
Is there an existing issue for this?
- I have searched the issue tracker for this problem.
Additional Information
it seems that if I duplicate the request and the duplication uses the new token
Insomnia Version
9.3.3
What operating system are you using?
Ubuntu
Operating System Version
Ubuntu Cinnamon noble 24.04 x86_64
Installation method
AppImage
Last Known Working Insomnia version
No response
@benyaa you can enable Filter responses by environment in Preferences
After enable this option, when you change the env, we will find the response matching your current environment
@benyaa you can enable Filter responses by environment in Preferences
After enable this option, when you change the env, we will find the response matching your current environment
not sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I view the sent auth token what I see is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using Inherit from parent
.
@benyaa you can enable Filter responses by environment in Preferences
After enable this option, when you change the env, we will find the response matching your current environmentnot sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using
Inherit from parent
.
Does your environment includes OAuth info?
If not, does it mean that you manually change the oauth
token in folder Auth and send child requests after switch env, it still use the old oauth
token?
If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.
@benyaa you can enable Filter responses by environment in Preferences
After enable this option, when you change the env, we will find the response matching your current environmentnot sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using
Inherit from parent
.Does your environment includes OAuth info? If not, does it mean that you manually change the
oauth
token in folder Auth and send child requests after switch env, it still use the oldoauth
token? If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.
My env includes the OAuth 2 info that is used to generate the token.
So what happens is: I generate a new token -> if I create a new request it uses this new token, but if I run an already existing request - it uses the old token(generated by the previous env's oauth info.
Nothing in the auth tab.
@benyaa you can enable Filter responses by environment in Preferences
After enable this option, when you change the env, we will find the response matching your current environmentnot sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using
Inherit from parent
.Does your environment includes OAuth info? If not, does it mean that you manually change the
oauth
token in folder Auth and send child requests after switch env, it still use the oldoauth
token? If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.My env includes the OAuth 2 info that is used to generate the token. So what happens is: I generate a new token -> if I create a new request it uses this new token, but if I run an already existing request - it uses the old token(generated by the previous env's oauth info.
Nothing in the auth tab.
Since you're using Inherit from parent
, can I see the auth tab of folder which contains your request.
@benyaa you can enable Filter responses by environment in Preferences
After enable this option, when you change the env, we will find the response matching your current environmentnot sure how it helps.. My requests are sent in the correct environment, that's why I get 401 - when I see the sent auth token is the previous env auth token. When I try to manually use(meaning, change to Bearer token and copying the token to there) the newly generated token of the current env works. But it is not switched to it automatically using
Inherit from parent
.Does your environment includes OAuth info? If not, does it mean that you manually change the
oauth
token in folder Auth and send child requests after switch env, it still use the oldoauth
token? If so, could you please check the auth value displayed in folder Auth tab, whether its value is correct one or the old one.My env includes the OAuth 2 info that is used to generate the token. So what happens is: I generate a new token -> if I create a new request it uses this new token, but if I run an already existing request - it uses the old token(generated by the previous env's oauth info.
Nothing in the auth tab.Since you're using
Inherit from parent
, can I see the auth tab of folder which contains your request.
I have the same problem and it doesn't require an env change.
It is enough to change the user and get a new token in the parent folder. This is not picked up by child requests where a request was made (one requirement maybe that the old token from the old user is still valid).
Repro:
-
This steps seems to copy the token into the child request itself
-
Go to the parent folder, clear Oauth2 session and clear tokens, change user1 to user2, login and fetch new tokens
-
Go to child request, send again => it still uses token of user1.
-
If I switch to Oauth 2.0 in child request, I see that there is the old user1 token still stored (although the Oauth2 settings are missing, I guess these aren't copied to the child request)
-
If I now manually clear the tokens in child request, switch back to "Inherit from parent", and send the request again, the user2 token will be picked up again.
I see the same behaviour when just deleting the token in parent folder: this will not clear the token from child request (even though "Inherit from parent" is selected) and child requests continue to use the token that should have been cleared.
Just switched to Insomnia 10.0.0 via Snap to test it.
Also tested it with multiple requests, problem seems to always be that tokens are copied to child request, but then never deleted or updated.
Start in a clear state (so no stored tokens for all requests), then login user1, send request1, login user2, send request2, login user3, send request3 => now all three requests use different tokens despite all of them having "Inherit from parent" selected and parent having user3 token configured.
We wanted to switch over to Insomnia from Postman, but this is a breaking bug for us.
It is also a very very dangerous bug, never knowing which credentials you are using when sending requests renders Insomnia completely useless for us.
Not sure if I am missing some setting or doing something dumb, but being confident I know what the software does when I click "Send request" is literally the number 1 priority for me.
I encountered this bug today as well. Let me know if I can do anything.