req_oauth_password prompts password-input continuously, but existing valid token are used

[exetico]

I was facing some issues in #491, but now the API part are working as expected, so I'm able to use req_oauth_password. However, I noticed that #119 points out that req_oauth_password triggers the "Password" input prompt on all request. Even though, it's actually saving the token in the first execution, and does re-use the token in the next execution.

Have I implemented something in a wrong way for my first "initial httr2-based test project"? There's no solution in #119, but hadley does request an example.

I use the following simple test-code to try and fetch "me" from "users":

get_users_me <- function() {
  response <- NULL

  if (interactive()) {
    tryCatch({
      response <- request("https://domain.com/users/me") |>
       req_auth() |>
       req_perform()
     
     # Handle the response inside the conditional
     content <- response |> resp_body_json(auto_unbox = TRUE)
    }, error = function(e) {
      stop("An error occurred: ", conditionMessage(e))
    })
  } else {
    # Handle non-interactive case, e.g., tests or scripts
    # Make sure to define how response should be handled or mocked here
  }

  # return content
  content
}

I use the following for my (currently) test client, and the wrapper for my req_auth:

test_con_client <- function() {
  oauth_client(
    id = "28acfec0674bb3da9f39",
    token_url = "https://domain.com/oauth/token",
    name = "client-r-package"
  )
}

req_auth <- function(req) {
  req_oauth_password(req,
    client = test_con_client(),
    username = "[email protected]"
  )
}

Using cache_disk does not change a thing. But it do look like it's using the existing token, even through it re-prompts me, asking me to enter the password again.

I noticed this by running with_verbosity(get_users_me()):

1. with_verbosity(get_users_me())
   a) does a POST /oauth/token HTTP/2
   b) get's a HTTP/2 200
   c) requests the resources at GET /users/me HTTP/2 (The Bearer are set in the headers, as expected)
   d) gets a HTTP/2 200

2. same R session, with_verbosity(get_users_me()) executed again.
   a) does a GET /users/me HTTP/2 (The Bearer are set in the headers, as expected)
   b) gets a HTTP/2 200

However, the password input prompt shows up on both executions:

Ignore the code in the background.

In other words, it's clear to me, that the password are not used in run no. 2, but are still being prompted to the user, for some reason.

Is this a bug, or do I need to check something, and only wrap req_oauth_password, if it needs to be re-authenticated? (initial, once expired, and so on)?

If I run the official example with github_client with req_oauth_auth_code, things works as I expect it to do: 1. run prompts me to grant access, and fetch the information. 2. run just fetches the information. I'm not "reprompted" to grant access.

[hadley]

This is definitely a bug 😄

[exetico]

Oh, a 🐛 there is.

I've commented on the bugfix in #499.

Now, the next step must be to see how I can test this by using the mock-functions, and finally, start building the package.

Do you by any chance knows a few libs which uses httr2, which maybe even "live tests" their solution, both with and without the mock-solution in httptest2? I've looked after a good way to spot popular packages which uses httr2 and httptest2, but didn't manage to find a good solution. Inspiration is key, now that I've checked most of the documentation for both libs. The Google drive gives something, but I'm still looking after something else to take a closer look at.

Thank you for fixing this!

As mentioned in the PR:
I've read the policy of "how often to release updates to R-packages", and I noticed that 1.0.1 was released at the 1. of april. Do you have any idea on when this can be released (and available on CRAN)?