So we have a session based auth, that needs to refresh a token (much like OAuth, but it’s not an OAuth flow). Authentication works fine, and my assumption was that the authentication function would also be called when a 401 is raised from any creates or triggers (which we can handle), and the call would be tried again. In standing up a test, it doesn’t appear it does. The middleware beforeRequest gets called, throwForStatus throws a RefreshAuthError as expected, but the Zapier stack does not call our authorize function. Even with skipThrowForStatus = true set on the request, the afterResponse never gets called as the RefreshAuthError isn’t caught. Struggling to understand how are we supposed to refresh given this scenario?
As a side note, we’re converting from a Legacy Web app that uses session auth. In that, per Zapier scripting documentation, the
get_session_info auth function “will be called when your API returns a 401 or when you raise an
InvalidSessionException .” So the expectation converting to CLI was that this would work similarly (namely session auth, 401 → auth is called). There’s plenty of CLI documentation for OAuth refresh (setting auto refresh to true, explicit token refresh function), but but not obvious here how we can handle our scenario of a refresh in the context of a session auth.
Best answer by xmanView original