Exceptions - 401 in particular
lipkau opened this issue · 12 comments
Hello.
First of all, thank you for this package! Cool stuff :-)
I got to the point where I am implementing the exceptions of the APIs I am using.
But I am now stuck with the problem:
How can I identify the case where the access_token was invalidated?
For the other APIs I am consuming, I am checking for 401 responses.
What is the recommended way here?
```php
if (!$client->getAllProjects()) {
    removePairing();
}
```
I was expecting something more in the likes of
```php
try {
    $client->getAllProjects();
} catch (\FabianBeiner\Todoist\ResponseForbidden $e) {
    removePairing();
}
```
Hey @lipkau,
Thanks for the kind words!
At the moment, I did not consider the scenario that the token gets changed while the script is running. This is because it's not an OAuth token, but a manually and one-time generated one. While people might regenerate one, it was not likely, in my opinion, that this happens while the script does anything.
So for now, I'd recommend the following:
```php
try {
    $Todoist = new FabianBeiner\Todoist\TodoistClient('API_TOKEN');
    if ( ! $Todoist->getAllProjects()) {
        throw new Exception('The API token seems invalid.');
    }
} catch (Exception $e) {
    echo 'An error occurred: ' . $e->getMessage();
    return false;
}
```
This is not elegant, but it might be a solution for now. I'll have to add checks anytime soon.
Thank you.
To clarify, I am not counting on the token being invalidated during runtime.
But rather having the app use the OAuth Authorization Code Flow for pairing with Todoist, storing the access_token in a DB and using it later.
The token can get invalidated by:
- the app registered at Todoist being deleted
- the app owner invalidating all tokens
- the user removing the integration with the app https://todoist.com/prefs/integrations
I am using the REST API, not the Sync API, so there is no OAuth, just a personal API token. ;)
I know. But the REST API can use the same OAuth as the sync API:
https://developer.todoist.com/rest/v1/#authorization links to https://developer.todoist.com/sync/v8/#oauth
Yes, but as said, this class does not.
It does!
I can show you, if you are interested.
Of course, go ahead!
Do you want a sample repo which you have to clone, set up and create a Todoist app to test?
I can also show you via Discord or Zoom.
Wait, just to be sure:
You implemented that OAuth thingy yourself, right?
Correct.
Ahhh! Well, you have to implement this for yourself at the moment, as my official library does not support this. But I'm looking forward to the updated library! :)
For anyone interested in this: @FabianBeiner's suggestion on how to solve this did not take into account that an empty array is also considered false. Therefore, I recommend using this instead:
```php
try {
    $Todoist = new FabianBeiner\Todoist\TodoistClient('API_TOKEN');
    if ( ! is_array($Todoist->getAllProjects())) {
        throw new Exception('The API token seems invalid.');
    }
} catch (Exception $e) {
    echo 'An error occurred: ' . $e->getMessage();
    return false;
}
```
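The workaround above can only tell an array from a non-array result, so a rejected token and a temporary outage look the same and either would trigger `removePairing()`. The sketch below is an added example, not code from this thread or from the library: it assumes the caller can see the HTTP status and raw body (for instance in its own OAuth-aware client) and that a revoked token is answered with 401, as the issue title supposes; all class and function names and the sample responses are hypothetical.

```php
<?php
// Added example; every name here is hypothetical, not the library's API.
final class TokenRevokedException extends RuntimeException {}
final class ApiUnavailableException extends RuntimeException {}

/** Turn an HTTP status and raw body into a project list or a typed failure. */
function decodeProjects(int $status, string $body): array
{
    if ($status === 401) {                    // assumption: revoked token => 401
        throw new TokenRevokedException('Token rejected (HTTP 401)');
    }
    if ($status < 200 || $status >= 300) {    // outage, rate limit, proxy error
        throw new ApiUnavailableException("Unexpected HTTP $status");
    }
    $data = json_decode($body, true);
    if (!is_array($data)) {                   // e.g. an HTML error page
        throw new ApiUnavailableException('Body is not a JSON array');
    }
    return $data;                             // [] is a valid, non-error answer
}

/** Decide what to do with the stored pairing for one response. */
function handle(int $status, string $body): string
{
    try {
        $projects = decodeProjects($status, $body);
        return 'keep pairing, ' . count($projects) . ' project(s)';
    } catch (TokenRevokedException $e) {
        return 'remove pairing';              // only here call removePairing()
    } catch (ApiUnavailableException $e) {
        return 'keep pairing, retry later';   // do not unpair users on an outage
    }
}

// Constructed sample responses: [status, body]
$samples = [
    'valid token, no projects' => [200, '[]'],
    'valid token, one project' => [200, '[{"id": 1, "name": "Inbox"}]'],
    'revoked token'            => [401, 'Forbidden'],
    'outage'                   => [503, ''],
];

foreach ($samples as $label => [$status, $body]) {
    printf("%-26s => %s\n", $label, handle($status, $body));
}
```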