Best answer

Session Auth Refresh

  • 27 April 2023
  • 1 reply
  • 220 views

So we have a session based auth, that needs to refresh a token (much like OAuth, but it’s not an OAuth flow).  Authentication works fine, and my assumption was that the authentication function would also be called when a 401 is raised from any creates or triggers (which we can handle), and the call would be tried again.  In standing up a test, it doesn’t appear it does.  The middleware beforeRequest gets called, throwForStatus throws a RefreshAuthError as expected, but the Zapier stack does not call our authorize function.  Even with skipThrowForStatus = true set on the request, the afterResponse never gets called as the RefreshAuthError isn’t caught.  Struggling to understand how are we supposed to refresh given this scenario?

As a side note, we’re converting from a Legacy Web app that uses session auth.  In that, per Zapier scripting documentation, the get_session_info auth function “will be called when your API returns a 401 or when you raise an InvalidSessionException .”  So the expectation converting to CLI was that this would work similarly (namely session auth, 401 → auth is called).  There’s plenty of CLI documentation for OAuth refresh (setting auto refresh to true, explicit token refresh function), but but not obvious here how we can handle our scenario of a refresh in the context of a session auth.

icon

Best answer by xman 28 April 2023, 00:40

View original

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

1 reply

Ok so looks it actual IS working fine in Zapier.  It’s just that Zapier’s testing app (zapier.createAppTester(App)) doesn’t perform this behavior.  I expected it to because the middleware is in the testing app, but ok.  

 

If it helps others:  if you want to simulate re-auth flows in test locally, I suppose you have to craft the behavior yourself: return 401, catch the RefreshAuthError, and then run through re-auth yourself.