Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oauth2 doesn't follow 301 redirects #177

Closed
ncw opened this issue Mar 9, 2016 · 5 comments
Closed

oauth2 doesn't follow 301 redirects #177

ncw opened this issue Mar 9, 2016 · 5 comments

Comments

@ncw
Copy link

ncw commented Mar 9, 2016

I'm using oauth2 very succesfully in rclone (rclone.org). I'm having trouble with the hubic implementation though. It works perfectly nearly all the time, but every now and again it returns this error when it tries to refresh the token.

Get https://api.hubic.com/1.0/account/credentials: oauth2: cannot fetch token: 301 Moved Permanently
Response: <html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

I think this error is probably coming from here.

I don't know whether this is a problem with Hubic being out of spec or this library - any help much appreciated!

You can see my code here with the utility library here.
@ncw ncw mentioned this issue Mar 9, 2016
Closed
@rakyll
Copy link
Contributor

rakyll commented Aug 26, 2016

HTTP client is automatically following 301s unless Client.CheckRedirect says otherwise. It is unlikely that it is coming from https://github.com/golang/oauth2/blob/master/internal/token.go#L176.

Are you sure that the http.Client you are using is not disabling redirects?

@ncw
Copy link
Author

ncw commented Aug 27, 2016

Hmm.. my code doesn't set CheckRedirect so it is using the default policy. Apparently neither does oauth2.

I checked out rclone and all its dependencies into a clean GOPATH and grepped them. There were no uses of CheckRedirect.

If it had been a redirect loop then it should have produced this error

   544  func defaultCheckRedirect(req *Request, via []*Request) error {
   545      if len(via) >= 10 {
   546          return errors.New("stopped after 10 redirects")
   547      }
   548      return nil
   549  }

Any other ideas?

Thanks

Nick

@rakyll
Copy link
Contributor

rakyll commented Sep 7, 2016

Get https://api.hubic.com/1.0/account/credentials

Is this a GET request or is it your custom error message? I am assuming you are experiencing this at https://github.com/golang/oauth2/blob/master/internal/token.go#L149 and I don't think POST requests are being redirected according to https://github.com/golang/go/blob/2af00eb63cde716b59c0d64f4c3855b83a9d5a63/src/net/http/client.go#L365.

@romeovs
Copy link

romeovs commented Oct 21, 2016

HTTP 301 dictates that the client retries the request at another location with the GET method. So while your http client probably retries the request correctly, the method will be wrong.

To redirect that respects the request method, the server should issue a 307 Temporary Redirect or 308 Permanent Redirect, but AFAIK, the go net/http package does not support 307 redirects for POST or PUT yet.

@matoous
Copy link

matoous commented Jun 9, 2021

This was fixed in: https://go-review.googlesource.com/c/go/+/29852/ and this issue can be closed I think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rakyll @ncw @romeovs @seankhliao @matoous