Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requests use stale OAuth 2.0 Token after clearing OAuth 2 session #8374

Open
2 of 4 tasks
akiander opened this issue Feb 17, 2025 · 3 comments
Open
2 of 4 tasks

Requests use stale OAuth 2.0 Token after clearing OAuth 2 session #8374

akiander opened this issue Feb 17, 2025 · 3 comments
Assignees
@ryan-willis
Labels
B-bug Bug: general classification S-verified Status: Verified by maintainer

Comments

@akiander
Copy link

Expected Behavior

If I change accounts when using OAuth 2.0 authentication, I expect all of the requests in that folder to use the new account. But unfortunately, requests use the stale (previous) OAuth 2.0 Token after clearing OAuth 2 session and clearing and retrieving a new token with a different account.

Actual Behavior

I am using Insomnia in scratch pad mode. I have a folder set up with OAuth 2.0 authentication. The requests inside the folder are set to inherit auth from parent. Unfortunately, when the parent folder has a new account authenticated, the underlying requests never use the new account.

I've tried "Clear OAuth 2 session" as well as "Clear" and "Refresh Token" on the OAuth 2 tab. I've also tried all of these after rebooting the application. The requests will continue to use the old account even though the new JWT access token on the OAuth 2 tab on the folder clearly shows that new account that it should be using.

Reproduction Steps

  1. In Scratch Pad mode, create a folder with OAuth 2.0 authentication with at least one request in it.
  2. Authenticate with an account and run your request, checking that the account is the correct one.
  3. Go back and login with a different account at the folder level.
  4. You should see that you request will never use the new account.

Is there an existing issue for this?

Which sync method do you use?

  • Git sync.
  • Insomnia Cloud sync.
  • Local only

Additional Information

No response

Insomnia Version

10.3.1

What operating system are you using?

Windows

Operating System Version

Windows 10 Enterprise Version 22H2 OS build 19045.5371

Installation method

corporate install

Last Known Working Insomnia version

No response
@akiander akiander added B-bug Bug: general classification S-unverified Status: Unverified by maintainer labels Feb 17, 2025
@ryan-willis
Copy link
Contributor

Hey @akiander thanks for the report. Could you give our latest beta version (10.3.2-beta0) a try? It includes a fix for a long-standing folder inheritance bug: https://github.com/Kong/insomnia/releases/tag/core%4010.3.2-beta.0

Alternatively, you can switch to the Early release channel in the app's Preferences and update that way.

@akiander
Copy link
Author

I just tried the latest beta version (10.3.2-beta0) but I'm still observing the same behavior where changing my credentials at the folder level does not change the JWT bearer token getting sent in the underlying requests. It continues to use the first set of credentials even if a clear my OAuth session and clear / reauthenticate to get a new JWT value.

@ryan-willis ryan-willis self-assigned this Feb 18, 2025
@ryan-willis
Copy link
Contributor

@akiander thanks for verifying, I'll work on a fix

@ryan-willis ryan-willis added S-verified Status: Verified by maintainer and removed S-unverified Status: Unverified by maintainer labels Feb 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ryan-willis ryan-willis

Labels
B-bug Bug: general classification S-verified Status: Verified by maintainer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@akiander @ryan-willis