Async calls do not correctly pass cookies, resulting in 401 errors #14

Open
MetaflameDragon opened this issue Jun 16, 2023 · 6 comments


@MetaflameDragon

Running nearly any async API call which requires any form of authentication (that is, the Auth cookie or similar to be present) results in 401 errors due to the cookie seemingly not being present. Running the same calls synchronously works fine, likewise when attempting to replicate manually via Insomnia.

It looks like it may be related to the fact that ApiClient.ExecAsync doesn't use ApiClient.CookieContainer and doesn't provide it to the RestClient, while ApiClient.Exec does.


Example 1:

Running await API.Authentication.GetCurrentUserWithHttpInfoAsync() works fine (doesn't need auth cookies for a first-time login, instead it provides a Set-Cookie header with the Auth cookie). (Side-note, unrelated to this issue: the received data isn't parsed correctly in this case, as the schema doesn't match the "TOTP required" response JSON: { "requiresTwoFactorAuth": [ "totp", "otp" ] } . The endpoint call itself doesn't fail on Auth cookies missing though.)

Running await API.Authentication.Verify2FAAsync(new(totp)) afterwards ends with a 401: Missing Credentials. The VRC API details that this happens when the Auth cookie isn't provided. Replicating the same steps manually in Insomnia works correctly, same as executing this call synchronously (via API.Authentication.Verify2FA()).

Example 2:

After successfully logging in (by running Verify2FA synchronously), running await API.Users.GetUserAsync(userId) leads to the same 401: Missing Credentials error as before.

@ariesclark
Member

ariesclark commented Jun 18, 2023

Hi, unfortunately I don't have much background in C#, so I can't really resolve these issues. We use the C# generator, which builds the package based on the specification we've defined.

We patch this generated code to include a cookie store, which is required to maintain the authenticated state. This issue mentions various issues; the 2FA response is hard to structure in an OpenAPI-compliant way, since the majority of generators don't support the oneOf keyword as far as I'm aware.

Regardless, the authentication issue seems like it could be resolved by updating the way we patch in the cookie store, and maybe you could give it a try?

@MetaflameDragon
Author

Once I get around to updating our Discord bot (where we're using the API), I'll try to clone the repo and see if I can patch the async methods. I could then hopefully suggest a further fix to the generator script.

@MistressPlague

ApiClient.cs:448 should be cookies.Add(new Cookie(cookie.Name, cookie.Value, cookie.Path, new Uri(baseUrl).Host)); for this to work with non basic-only auth. Might also fix asyncs.

@MistressPlague

Solved: Line 549 should have this code:

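            // Start from the client's shared CookieContainer so cookies stored by
            // earlier responses (the Auth cookie) are sent with this request too.
            var cookies = CookieContainer;

            // Merge any per-request cookies, scoped to the host of the base URL.
            if (options.Cookies != null && options.Cookies.Count > 0)
            {
                foreach (var cookie in options.Cookies)
                {
                    cookies.Add(new Cookie(cookie.Name, cookie.Value, cookie.Path, new Uri(baseUrl).Host));
                }
            }

            // Hand the container to the RestClient through its options.
            var clientOptions = new RestClientOptions(baseUrl)
            {
                CookieContainer = cookies,
                ClientCertificates = configuration.ClientCertificates,
                MaxTimeout = configuration.Timeout,
                Proxy = configuration.Proxy,
                UserAgent = configuration.UserAgent
            };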
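
The difference between a request that shares the client's cookie container and one that does not, and the role of the domain argument in the Add call above, can be reproduced offline with System.Net.CookieContainer alone. This is an added example, not code from VRChat.API or from the commenters; the base URL, the cookie name `auth` and the token value are constructed placeholders.

```csharp
// Added example, not VRChat.API code. All names and values are constructed.
using System;
using System.Net;

static class CookieJarDemo
{
    // Hypothetical base URL standing in for the real API endpoint.
    const string BaseUrl = "https://api.example.test/api/1";

    // The Cookie header the container would attach to a request for this URL.
    static string HeaderFor(CookieContainer jar, string url) =>
        jar.GetCookieHeader(new Uri(url));

    static void Main()
    {
        var host = new Uri(BaseUrl).Host;
        var url = BaseUrl + "/auth/user";

        // Shared container: the login response stored the auth cookie here,
        // scoped to the API host.
        var shared = new CookieContainer();
        shared.Add(new Cookie("auth", "constructed-token", "/", host));

        // A request built around the same container carries the cookie.
        Console.WriteLine("shared jar : '" + HeaderFor(shared, url) + "'");

        // A request built around a fresh container has nothing to send,
        // which the server answers with 401 Missing Credentials.
        Console.WriteLine("fresh jar  : '" + HeaderFor(new CookieContainer(), url) + "'");

        // A URL on an unrelated host gets nothing from the shared container.
        Console.WriteLine("other host : '" + HeaderFor(shared, "https://other.example.test/") + "'");

        // CookieContainer.Add(Cookie) throws when the cookie has no domain;
        // the posted fix passes new Uri(baseUrl).Host as the domain.
        try
        {
            new CookieContainer().Add(new Cookie("auth", "constructed-token", "/", ""));
        }
        catch (ArgumentException e)
        {
            Console.WriteLine("no domain  : " + e.GetType().Name);
        }
    }
}
```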

@MistressPlague

Two bugs fixed with one initial stone, lol

@MistressPlague

VRChat.API.zip
Here are the fixed source files.
