Refresh of access token not working?

  • Hi! I tried to test if refresh of access_token is working by putting a timestamp of a date in the past (let’s say 1 day ago) in the DB:

    table: wp_option
    option_name: cleverreach_newsletter_auth_info
    here I changed the value of: “expires_in”

    After submitting my subscription form I would expect to have some “refresh”, e.g. find updated tokens and a new “expires_in” value in the database … but nothing was updated.

    So I assumed that refresh was not working as (I) expected, so I digged a bit into the code.

    As far as I understand it here is what happens:

    1. Get Auth info and write it to the DB

    get_valid_access_token() in class-proxy-base.php, line 300:

    if ( isset( $result['access_token'], $result['expires_in'], $result['refresh_token'] ) ) {
  $this->auth_service->set_auth_info( Auth_Info::from_array( $result ) );
}

    $result[‘expires_in’] comes back from the API as “2592000”, hence 30 days

    2. Make a date out of “expires_in” before putting it to the DB

    from_array() in class_auth_info.php, lines 79-89

    The function makes a date out of that 30 days:

    $auth_info->access_token_duration = ... time() + $data['expires_in']

    It “adds” the 30 days to the current time, this value is then saved (as a timestamp) to the database. The value ‘expires_in’ now holds a date in 1 month.

    (As written above: This date I changed to a time “1 day ago”.)

    3. Check if access_token is expired

    is_access_token_expired() in class-auth-service.php, lines 26-36

    public function is_access_token_expired() {
  $auth_info = $this->auth_info_repository->get_auth_info();

  $duration = $auth_info->get_access_token_duration();

  if ( $duration ) {
    return time() >= $duration;
  }
  
  return false;
}

    The problem here is, that get_auth_info() also uses the function from_array().

    public function get_auth_info() {
  return Auth_Info::from_array( get_option( self::AUTH_INFO_OPTION_NAME ) );
}

    So this functions now get’s the timestamp from the database (a date) and adds the current time to it again. ( Remember: time() + $data[‘expires_in’] )

    The result then is compared to “time()”, so:

    time() >= $duration;

    is basically this:

    time() >= time() + $data['expires_in']

    which equals to

    time() - time() >= $data['expires_in']

    or

    0 >= $data['expires_in']

    which will never be “true” as long as “expires_in” has a date / timestamp as a value.

    Can you confirm or am I missing something?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter zopocecito

    (@zopocecito)

    Bonus question: Could you please say how long the refresh_token will be valid? I assume it expires after some time as well?

    Thread Starter zopocecito

    (@zopocecito)

    Hallo! Es sind jetzt 2 Monate vergangen seit meinen Bug-Report, ich bitte erneut um Feedback. Das Problem besteht nach wie vor, die Erneuerung des access_tokens funktioniert einfach nicht.

    (Ich betreue aktuell 5 Websites und habe seit meiner Meldung vor 2 Monaten bei allen Website 2 Mal einen manuellen Re-Connect zur Api machen müssen, weil das access_token nach 30 Tage abl?uft und dann nicht refreshed wird.)

    Das Problem besteht nach wie vor wie oben ausführlich dargelegt; hier noch mal in aller “Kürze”:

    1. expires_in wird in die wp_options Tabelle geschrieben

    $this->auth_service->set_auth_info( Auth_Info::from_array( $result ) );

    … time() + $data[‘expires_in’]

    D.h. aktuelle Zeit + 30 Tage = Datum in 30 Tagen, also bspw.

    time() = 1633362797 (= Monday, 2021-10-04 15:53:17 UTC)
    $data[‘expires_in’] = 2592000 (=2592000s = 30 Tage)
    1633362797 + 2592000 = 1635954797 (= Wednesday, 2021-11-03 15:53:17 UTC)

    1635954797 landet nun als Wert für “expires_in” in der wp_options.

    2. Lesen der Auth-Infos, die “Kette” der Funktionsaufrufe ist wie folgt:

    get_valid_access_token() …
    $this->auth_service->is_access_token_expired() …
    $this->auth_info_repository->get_auth_info() …
    return Auth_Info::from_array( get_option( self::AUTH_INFO_OPTION_NAME ) );

    Hier passiert beim Lesen erneut:

    time() + $data[‘expires_in’]

    Aber jetzt der aktuelle Zeitstempel + Datum in 30 Tagen, d.h. mit den Beispielen von oben

    time() = 1633422591 (=Tuesday, 2021-10-05 08:29:51 UTC)
    $data[‘expires_in’] = 1635954797 (= Wednesday, 2021-11-03 15:53:17 UTC) (der Wert, der in die Datenbank geschrieben wurde)

    1633422591 + 1635954797 = 3269377388 (= Tuesday, 2073-08-08 00:23:08 UTC)

    set_auth_info und get_auth_info rechnen beide via from_array() die aktuelle Zeit auf den Wert drauf, das macht aber für get_auth_info überhaupt keinen Sinn, bzw. hier liegt einfach ein “Fehler” vor!

    Wenn ich nun vergleiche

    time() >= $duration

    Dann ist das immer “false”, $duration irre weit in der Zukunft liegt, also mit den Beispielen

    1633422591 >= 3269377388

    Bitte bitte fixen!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Refresh of access token not working?’ is closed to new replies.