Unable to handle a 401 (OAUTH token expired) response

Hi, my app is requesting data from a web service that requires OAUTH authentication. I have been able to get a OAUTH token, using communications.makeOAuthRequest and I can use that token to fetch data. The reponse I get back is HTTP 200 with a JSON formatted payload. All good so far.

The token is valid for 2 hrs and when expired, the web service sends back an HTTP 401 (unauthorized) response. When that happens, I need my code to trigger a token_refresh to acquire a new token from the OAUTH server (standard OAUTH stuff), however the makeWebRequest does not accept the 401 repsonse from the web service, instead I get a -400 responseCode in my makewebrequest callback (invalid response body data)

I set responseType => HTTP_RESPONSE_CONTENT_TYPE_JSON for my makewebrequest calls because the data I receive from the service is JSON formatted, so I have to (I think). Now with the 401 response that does not seem to be the case, I am not sure what ends is vilotaing the rules here, either the web service, or CIQ. Here is a screnshot of the HTTP traffic:

One solution would be trigger a token_refresh each time I get a -400 response in my callback but Ideally I'd like to be able to read the different error responseCodes that I get from the web service, so that I know what went wrong. Any ideas how I could work around this?

TIA

/Fredrik

Top Replies

Fsallstrom over 1 year ago in reply to FlowState +1

Thank you for the response, I fully agree with your reasoning. I think the response handling in makewebrequest is overly strict. I have had similar issues before and had to implement a web proxy in between…

All Replies

0 flocsy🤠 over 1 year ago

Although you'll probably have to deal with what you wrote above to be on the safe side, but another thing you could try is to prevent the 401 from happening, by saving not only the token but also the timestamp, and when you see it's more than let's say 100 minutes old then call the refreshtoken. This way you should almost never get the 401 (at least not for the expiration reason)

0 Fsallstrom over 1 year ago in reply to flocsy🤠

Thank you for replying, yes I have thought of doing that: Store the creation time of the token and refresh it when it gets close to expire. But I'd rather would like to get the error code form the server, there are other error cases that I need to handle. Now I get the -400 responseCode for every error, which is not very helpful.

I wonder if this problem is only with the particular service provider that I'm using, or if this is a common OAUTH problem in CIQ. I know that CIQ is very picky on the response content, from previous projects.

0 Fsallstrom over 1 year ago in reply to Fsallstrom

I implemented the same code in node JS and got the proper error message back. I could not see anything wrong with the 401 response I got back from the web service (due to the expired OAUTH token). Is there a bug in makewebrequest perhaps?

I can't see anything obviously wrong in the response body data, exept that the body seems to be empty. Still I get the -400 response code in my callback. Here is a screenshot of the HTTP response I get in the CIQ simulator:

0 Fsallstrom over 1 year ago in reply to Fsallstrom

and here is the response I get back from my Node JS app, for the same request:

Again, I can't see any reason why makewebrequest should return with a -400 (invalid body) status code on this response

0 flocsy🤠 over 1 year ago in reply to Fsallstrom

So there's no content-type header, nor body in the response.

0 Fsallstrom over 1 year ago in reply to flocsy🤠

Nope, body is empty.

0 flocsy🤠 over 1 year ago in reply to Fsallstrom

that's clearly not a json response then, is it?

0 Fsallstrom over 1 year ago in reply to flocsy🤠

I don't know really (out of my waters here) But just curious: what content type should a reponse have that does not have anything in the body?

0 flocsy🤠 over 1 year ago in reply to Fsallstrom

I guess Garmin didn't think about this, only about responses that are json, like: {"status": "ERROR"}

0 Fsallstrom over 1 year ago in reply to flocsy🤠

Yes, I think you are right. The web service I'm requesting data from is used by many and I have not been able to find any information on others (non-CIQ) clients having any issues with this.