DoctorMcKay/node-steam-tradeoffer-manager

useAccessToken and expired access_token

endze1t opened this issue · 4 comments

Hey there,

I'm aware that useAccessToken is an experimental feature, but it's the only way to access request-specific endpoints.

I've randomly discovered that the access_token might expire unexpectedly, and this issue is not yet addressed by the library.

Consequently, the response will be: <html><head><title>Forbidden</title></head><body><h1>Forbidden</h1>Access is denied. Retrying will not help. Please verify your <pre>key=</pre> parameter.</body></html>, with a status code of 403.

Thank you for your prompt response.

Unfortunately, although we are listening for the sessionExpired event, it never fired in that instance. This issue did not occur previously when using an API key instead of an access token.

I hope this will help:

Both requests were made within a short time frame.

steamCommunity.loggedIn((error, loggedIn) => {
  // loggedIn was true
});
steamTradeManager.getOffer(offerId, (error, offer) => {
  // error.message was "HTTP error 403"
});

So, my thought is that the Steam Community session cookie is still valid, but the access_token is no longer valid.

With my "patched-for-logs" steamcommunity:

{"level":30,"time":1712421286674,"pid":35,"hostname":"**","name":"SteamCommunityHealth","message":"Executing api request","requestId":66079,"url":"https://api.steampowered.com/IEconService/GetTradeOffers/v1/"}

{"level":40,"time":1712421286858,"pid":35,"hostname":"**","name":"SteamCommunityHealth","message":"Api request failed","requestId":66079,"httpError":{"code":403,"body":"<html><head><title>Forbidden</title></head><body><h1>Forbidden</h1>Access is denied. Retrying will not help. Please verify your <pre>key=</pre> parameter.</body></html>"}}

From what I'm seeing, this happens in the GetTradeOffers call. It's just not detected in that call:
https://github.com/DoctorMcKay/node-steam-tradeoffer-manager/blob/master/lib/index.js#L522-L553

And it seems to align with the behavior that you're seeing; this call is being made in getOffer.
From what I'm seeing, none of the status codes are processed here (likely before recent changes it wasn't ever a problem because accessKeys were not getting revoked).

I'm pretty sure the change should be located somewhere here.

I'll do the change locally and publish a PR today.

Locally, with the debugger, I'm seeing this effect. So I guess the 403 is being caught someplace else; the branch below on line 51 is never being hit.

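Added example, not part of the thread and not the library's own code: one way a caller could treat the 403 quoted above as a rejected access token when no sessionExpired event arrives, refreshing once and retrying once. `classifyApiFailure`, `withTokenRefresh`, the `call`/`refresh` callbacks and the error object shape are hypothetical; the sample error is constructed from the log lines in this thread.

```javascript
// Marker taken from the 403 body quoted in this thread.
const KEY_REJECTED = /Please verify your <pre>key=<\/pre> parameter/;

// Classify a failed WebAPI call. Assumed error shape, modelled on the thread:
// { message: 'HTTP error 403', code: 403, body: '<html>...' } (code/body optional).
function classifyApiFailure(err) {
  if (!err) return 'ok';
  const fromMessage = /HTTP error (\d+)/.exec(err.message || '');
  const status = err.code || (fromMessage ? Number(fromMessage[1]) : NaN);
  // Assumption: a 403 with no body available is treated like the key= rejection.
  if (status === 403 && (!err.body || KEY_REJECTED.test(err.body))) {
    return 'credential-rejected';
  }
  if (status === 429 || status >= 500) return 'transient';
  return 'other';
}

// Run a callback-style API call; on a rejected credential, refresh once and
// retry once. A second rejection is returned to the caller, never looped on.
// `call(cb)` and `refresh(cb)` are hypothetical caller-supplied functions.
function withTokenRefresh(call, refresh, done) {
  call((err, result) => {
    if (classifyApiFailure(err) !== 'credential-rejected') {
      return done(err, result, { refreshed: false });
    }
    refresh((refreshErr) => {
      if (refreshErr) return done(refreshErr, null, { refreshed: false });
      call((err2, result2) => done(err2, result2, { refreshed: true }));
    });
  });
}

// Constructed demo: the first call fails like the logged request, the retry works.
function demo() {
  let tokenValid = false;
  const forbidden = {
    message: 'HTTP error 403',
    code: 403,
    body: '<html><body>Please verify your <pre>key=</pre> parameter.</body></html>',
  };
  const getOffer = (cb) => (tokenValid ? cb(null, { id: 'constructed-offer' }) : cb(forbidden));
  const refresh = (cb) => { tokenValid = true; cb(null); };
  let outcome;
  withTokenRefresh(getOffer, refresh, (err, offer, meta) => { outcome = { err, offer, meta }; });
  return outcome;
}

console.log(demo());
```

In a real bot the `refresh` callback would obtain a fresh session and access token before the retry; how that is done is outside this sketch.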