-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@clerk/clerk-sdk-node ClerkAPIResponseError: Unprocessable Entity - getUserOauthAccessToken google #1827
Comments
We do indeed need a reproduction in order to handle this one 🙏 |
I'm still trying to find a reproduction here, but we noticed Clerk auth acting strangely in our React Native / Expo app starting a week ago, and we haven't updated our app in over two weeks. It might be this. I'll report back. |
Hello 👋 We currently close issues after 40 days of inactivity. It's been 30 days since the last update here. If we missed this issue, please reply here. Otherwise, we'll close this issue in 10 days. As a friendly reminder: The best way to see an issue fixed is to open a pull request. If you're not sure how to do that, please check out our contributing guide. Thanks for being a part of the Clerk community! 🙏 |
Hello again 👋 After 40 days of no activity, we'll close this issue. Keep in mind, I'm just a robot, so if I've closed this issue in error, please reply here and my human colleagues will reopen it. As a friendly reminder: The best way to see an issue fixed is to open a pull request. If you're not sure how to do that, please check out our contributing guide. Thanks for being a part of the Clerk community! 🙏 |
@AlonMiz did you find a solution to this? I have the exact same issue as you: 1) User signs into app for first time. 2) User signs out and remains signed out for > 1 hour. 3) I go to fetch the oauth token (from server side). 4) I get the same error message as you. Getting the access token works well when the user was recently signed in, but not if the user has been signed out for >1 hour. It's fine if I have to manage the user's refresh tokens, but I don't think the Clerk api returns the user's refresh token when the user first authenticates. Per Clerk's documentation here Clerk says "Clerk ensures that the OAuth Access Token will be always fresh so that you don't have to worry about OAuth Refresh Tokens anymore." This doesn't appear to be the case for Google Oauth |
@thecrayon EDIT: it's still happening |
I've just started running into this issue too. For further context, I'm calling the function inside a cached server action.
I've also just noted the header has changed to |
hey has anyone got an update on this issue? the refresh token is not automatically refreshing the access token (im using google oauth). The code again works if I log out and log in again (probably because the access token resets), however why is the refresh token not automatically refreshing the access token as outlined in the documentation? Is it to do with the fact that im in dev mode still and can it fix in production? for reference: |
@muratg98 can you advise what Clerk hooks you’re calling prior to requesting the OAuth token? The ticket is closed but if we can figure out how to reliably reproduce we should log a new one. |
@muratg98 I actually swapped out Clerk for Next Auth- I never got this to work in Clerk. Using Next Auth, I find managing the access/refresh tokens to be much easier (you can clearly see error messages and you have much more control over the user authentication in general... the downside is you have to setup a lot more infrastructure with Next Auth to do this). However, It definitely could be because your app is in development mode though. Would not surprise me. Clerk dev mode was buggy and they would release breaking changes that took a while to debug. |
@muratg98 I'm also running into this issue. Using Google OAuth like the other's who have experienced this. The token isn't getting refreshed and after an hour calling
Happens both in Dev and Prod environments. |
The problem is due to the same OAuth application being used for Clerk Dev and Prod environments; the refresh token is only provided to whichever Clerk environment authenticates an account first. |
oh wow, i just got into the same issue |
This is correct - also we are tracking this specific issue and looking to get a fix implemented internally so this wouldn't be the case anymore, in case that is helpful |
just for the record, it happens when using python lib, and clerk api response: |
Hey everyone, I'm a Software Engineer from @clerk SDK team 👋 The Clerk will handle these cases, so you won't need to manage Identity Provider-specific behaviors. We will soon implement an API change that redirects users to Google for consent again if a refresh token is missing, requiring no action on your part. |
The issue is more significant than initially described. The core problem lies in the reuse of the same refresh_token for both user login and scope upgrades. Scenario:
Implications:
Desired Outcome:
|
Description
Steps to reproduce:
gmail.send,gmail.readonly
scopesclerk.users.getUserOauthAccessToken(userId, 'oauth_google');
ClerkAPIResponseError: Unprocessable Entity
errorExpected behavior:
I would expect the code not to throw and be able to get the OAuth token, even when the last token is expired, using the refresh token it fetched in the initial authentication
Actual behavior:
The getUserOauthAccessToken mechanism seems not to handle situation when it needs to refresh the OAuth token
Publishable key
pk_test_cHJvcGVyLXNwYXJyb3ctNDkuY2xlcmsuYWNjb3VudHMuZGV2JA
Environment
Preliminary Checks
I have reviewed the documentation: https://clerk.com/docs
I have searched for existing issues: https://github.com/clerkinc/javascript/issues
I have not already reached out to Clerk support via email or Discord (if you have, no need to open an issue here)
This issue is not a question, general help request, or anything other than a bug report directly related to Clerk. Please ask questions in our Discord community: https://clerk.com/discord.
Reproduction / Replay Link
its pretty hard - if there's no other choice ill try to create one
The text was updated successfully, but these errors were encountered: