Fix token refresh: accept numeric userid from Withings#3
Merged
Conversation
The /v2/oauth2 endpoint returns userid as a JSON string on the initial authorization_code grant but as a JSON number on the refresh_token grant. tokenResponse.UserID was typed as string, so every refresh failed with: cannot unmarshal number into Go struct field tokenResponse.userid of type string leaving users locked out after the ~3h access token expiry until they re-ran auth login. Switch the field to json.Number, which unmarshals from either form, and call .String() at the two assign sites. TokenStore.UserID stays string on disk, so existing auth.json files remain valid. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/v2/oauth2returnsuseridas a JSON string on theauthorization_codegrant but as a JSON number on therefresh_tokengrant.tokenResponse.UserIDwas typedstring, so every refresh failed withcannot unmarshal number into Go struct field tokenResponse.userid of type string, locking users out ~3h after login until they re-ranauth login.json.Number(unmarshals from either form); call.String()at the two assign sites.TokenStore.UserIDremainsstringon disk — existingauth.jsonfiles stay valid.Test plan
go build ./...cleango vet ./...cleango test ./internal/auth/...— both subtests passexpires_at→ 2020), runmeasurements --since 1d --json, confirm refresh succeeds and newexpires_atis ~3h out🤖 Generated with Claude Code