Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.

Home Page: https://insomnia.rest

Requests don't pick up new OAuth 2.0 token

benyaa opened this issue · comments

Expected Behavior

That if I generate a new token, all child requests will use new token.

Actual Behavior

When I change environment, I clear the token, generate a new one and it still uses the old token meant for a different environment.

Reproduction Steps

  1. Create a folder with OAuth 2.0 auth
  2. create a child request with Inherit from parent auth
  3. generate a new OAuth 2.0 token in folder
  4. send child request
  5. change environment
  6. clear token
  7. generate new token
  8. send child request again
  9. seems like child request is using the token of old env instead of using the new generated token

Is there an existing issue for this?

Additional Information

It seems that if I duplicate the request, the duplication uses the new token.

Insomnia Version

9.3.3

What operating system are you using?

Ubuntu

Operating System Version

Ubuntu Cinnamon noble 24.04 x86_64

Installation method

AppImage

Last Known Working Insomnia version

No response

@benyaa you can enable Filter responses by environment in Preferences
Screenshot 2024-08-07 at 18 13 33

After enabling this option, when you change the env, we will find the response matching your current environment.

Not sure how it helps. My requests are sent in the correct environment, that's why I get 401 - when I view the sent auth token, what I see is the previous env auth token. When I try to manually use (meaning, change to Bearer token and copying the token to there) the newly generated token of the current env, it works. But it is not switched to it automatically using Inherit from parent.

Does your environment include OAuth info?
If not, does it mean that you manually change the OAuth token in the folder Auth and send child requests after switching env, and it still uses the old OAuth token?
If so, could you please check the auth value displayed in the folder Auth tab, whether its value is the correct one or the old one.

My env includes the OAuth 2 info that is used to generate the token.
So what happens is: I generate a new token -> if I create a new request it uses this new token, but if I run an already existing request, it uses the old token (generated by the previous env's OAuth info).
image

Nothing in the auth tab.

Since you're using Inherit from parent, can I see the auth tab of the folder which contains your request?

image

I have the same problem and it doesn't require an env change.
It is enough to change the user and get a new token in the parent folder. This is not picked up by child requests where a request was made (one requirement maybe that the old token from the old user is still valid).

Repro:

  • Get token for user1 in parent folder via OAuth 2.0.
    image

  • Send request in child with "Inherit from parent"
    image

  • This step seems to copy the token into the child request itself

  • Go to the parent folder, clear Oauth2 session and clear tokens, change user1 to user2, login and fetch new tokens

  • Go to child request, send again => it still uses token of user1.

  • If I switch to Oauth 2.0 in child request, I see that there is the old user1 token still stored (although the Oauth2 settings are missing, I guess these aren't copied to the child request)
    image

  • If I now manually clear the tokens in child request, switch back to "Inherit from parent", and send the request again, the user2 token will be picked up again.

I see the same behaviour when just deleting the token in parent folder: this will not clear the token from child request (even though "Inherit from parent" is selected) and child requests continue to use the token that should have been cleared.

Just switched to Insomnia 10.0.0 via Snap to test it.
image

Also tested it with multiple requests, problem seems to always be that tokens are copied to child request, but then never deleted or updated.
Start in a clear state (so no stored tokens for all requests), then login user1, send request1, login user2, send request2, login user3, send request3 => now all three requests use different tokens despite all of them having "Inherit from parent" selected and parent having user3 token configured.

We wanted to switch over to Insomnia from Postman, but this is a breaking bug for us.
It is also a very very dangerous bug, never knowing which credentials you are using when sending requests renders Insomnia completely useless for us.
Not sure if I am missing some setting or doing something dumb, but being confident I know what the software does when I click "Send request" is literally the number 1 priority for me.

I encountered this bug today as well. Let me know if I can do anything.
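
The failure mode reported in this thread (a token copied into the child request on first send and then never updated or cleared), as an added example that is not part of the original issue and is not Insomnia's code. It is a simplified JavaScript model contrasting copy-on-send with resolving the inherited token at every send; `Folder`, `Request`, `sendCopying`, `sendResolving`, the environment names and the token strings are hypothetical names and constructed values.

```javascript
// Simplified model, not Insomnia's code; all names are hypothetical.
class Folder {
  constructor() { this.tokens = new Map(); } // environment -> access token
  setToken(env, token) { this.tokens.set(env, token); }
  clearToken(env) { this.tokens.delete(env); }
}

class Request {
  constructor(parent) {
    this.parent = parent;      // auth mode is "Inherit from parent"
    this.cachedToken = null;   // private copy kept by the copy-on-send variant
  }
}

// Behaviour reported in the thread: the first send copies the parent's token
// into the request, and every later send reuses that copy.
function sendCopying(req, env) {
  if (req.cachedToken === null) {
    req.cachedToken = req.parent.tokens.get(env) ?? null;
  }
  return req.cachedToken;
}

// Resolve-at-send variant: the inheriting request stores no credential, looks
// the token up for the active environment each time, and fails closed if absent.
function sendResolving(req, env) {
  const token = req.parent.tokens.get(env);
  if (token === undefined) {
    throw new Error(`no token for environment "${env}"; re-authenticate`);
  }
  return token;
}

// Replays the reported sequence: send, switch environment and user, send, clear, send.
function scenario(send) {
  const folder = new Folder();
  const req = new Request(folder);
  const sent = [];
  folder.setToken('staging', 'tok-user1-staging'); // constructed sample values
  sent.push(send(req, 'staging'));
  folder.clearToken('staging');
  folder.setToken('prod', 'tok-user2-prod');
  sent.push(send(req, 'prod'));
  folder.clearToken('prod');
  try { sent.push(send(req, 'prod')); } catch (e) { sent.push('REFUSED'); }
  return sent;
}

console.log(scenario(sendCopying));   // same stale token on all three sends
console.log(scenario(sendResolving)); // current token, then refusal after clear
```

In the copying variant the request keeps sending the first user's token even after the parent's token is replaced or cleared, which matches the 401s and wrong-user requests described above.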