API authenticated requests with user name in path broken #1038
Comments
That means you're not correctly authenticated as the user that you're requesting stats for. You can check the user you're authenticated as by making the same request to this url: |
That means you're requesting stats for a user different to the authenticated user? Check that from the stats response |
When I was investigating the issue originally, I only tested with a single user, my user. Also this broke one day without me making any code changes after it having worked for a year or so. If I was authenticated to the wrong user, shouldn't I receive a 403 instead of a 400? I did as you suggested and checked the user I was authenticated as, shows IzStriker. Interestingly, only making authenticated requests.
Note: The scope for the access token is "email,read_stats". |
What about
But the change we made recently was returning 400 instead of redirecting to the public view when you request any non-public range of stats for a user while not authenticated as that user:
|
It is possible that it was redirecting to the public endpoints, however due to rolling logs I cannot see if that is the case with iStriker's and my software. |
We changed the api to show an error when requesting an invalid range instead of redirecting about 3 months ago, to prevent api consumers accidentally using a response for X range when they requested Y range. |
This returns the expected data when I make the request with the access token and doesn't work without. It seems unlikely that I was using the public endpoints the whole time because I was accessing the projects field and using the different time ranges which aren't available from the public endpoint. Just to eliminate any confusion, this is the request I'm doing.
curl --location 'https://api.wakatime.com/api/v1/users/IzStriker/stats/last_7_days' \
--header 'Authorization: Bearer <redacted>' \
--header 'Cookie: csrftoken=<redacted>; session=<redacted>'
If you're familiar with dotnet, here is the code that broke 3 (or so) months ago: https://github.com/IzStriker/WakaBot/blob/509eed9b8e837fb1bcb7d15da20a49b2f60c1046/WakaBot.Core/WakaTime/WakaTime.cs#L100C9-L100C116 |
What I'll do when I get back from the pub is make a code change to use /current and see if that works. |
Current works, it just will break caching because all users will use the same url. |
Looks like there's a bug on our end, I'll get it fixed soon. |
It's fixed. Turns out you were doing everything correctly, but we broke parsing the username from api urls, only when checking OAuth scopes. It worked with |
Also related but not required, usernames change so it's better to use |
Great, thanks for your time. I'll change it to use user id. |
I don’t know if this is the correct place to post this issue, but there seems to be an issue with the https://wakatime.com/api/v1/users/:user/stats/:range endpoint when making authenticated requests. I have a Discord bot that ranks server members based on the amount of programming they’ve done in the previous week/month, etc. The bot makes authenticated requests to https://wakatime.com/api/v1/users/:user/stats/:range, but it seems this endpoint has broken in the past few months as it always returns:
When I change :user to be current in the URL, authenticated requests work. I would make this change in the code, but I use the unique URLs for each user for caching purposes. This definitely worked previously, as I was using this endpoint for a while before it broke.
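The caching concern raised in the thread, as an added example that is not part of the original posts and is not WakaBot or WakaTime code: when every member is fetched through the same /users/current/... URL, a cache keyed on the URL alone returns one member's stats for another, so the key must also bind the credential. The class and function names, the TTL, the key secret and the sample tokens are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time


class StatsCache:
    """TTL cache for per-user API responses, keyed on credential + path."""

    def __init__(self, key_secret: bytes, ttl_seconds: float = 300.0, clock=time.monotonic):
        self._secret = key_secret      # hypothetical per-process secret
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}             # key -> (expires_at, value)

    def _key(self, access_token: str, path: str) -> str:
        # HMAC the token so raw credentials never sit in the cache index.
        # The length prefix keeps (token, path) pairs from colliding.
        token_bytes = access_token.encode()
        mac = hmac.new(self._secret, digestmod=hashlib.sha256)
        mac.update(len(token_bytes).to_bytes(4, "big"))
        mac.update(token_bytes)
        mac.update(path.encode())
        return mac.hexdigest()

    def get_or_fetch(self, access_token: str, path: str, fetch):
        key = self._key(access_token, path)
        now = self._clock()
        hit = self._entries.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]
        value = fetch(access_token, path)
        self._entries[key] = (now + self._ttl, value)
        return value


def demo():
    # Constructed tokens and a stand-in fetcher; no network access.
    calls = []

    def fake_fetch(token, path):
        calls.append(token)
        return {"owner": token, "path": path}

    cache = StatsCache(key_secret=b"constructed-demo-secret")
    path = "/api/v1/users/current/stats/last_7_days"
    alice_first = cache.get_or_fetch("token-alice", path, fake_fetch)
    bob_first = cache.get_or_fetch("token-bob", path, fake_fetch)
    alice_again = cache.get_or_fetch("token-alice", path, fake_fetch)
    return alice_first, bob_first, alice_again, len(calls)
```
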