403 (Forbidden) despite valid Client ID, Secret and Refresh Token

[janssen-io]

For a couple years now, I have a bot running smoothly thanks to this library.
Unfortunately, since a few days now I started seeing 403 - Forbidden errors.

When troubleshooting using Fiddler, I found out that the token refresh in Reddit.Models.Internals.Request is never being hit.
My hunch is that Reddit used to respond with 401 - Unauthorized and changed this. Now the conditional on line 174 is no longer true and thus the Access Token stays null.

When I change the conditional to include || (res.StatusCode == HttpStatusCode.Forbidden, the app works as expected again. :)

        private IRestResponse GetResponse(IRestResponse res, ref RestRequest restRequest)
        {
            int serviceRetry = 3;
            do
            {
                int retry = 5;
                while ((res == null || !res.IsSuccessful)
                        && (RefreshToken != null || DeviceId != null)
                        && (res.StatusCode == HttpStatusCode.Unauthorized  // This is returned if the access token needs to be refreshed or wasn't provided.  --Kris
                       ---> || res.StatusCode == HttpStatusCode.Forbidden  // Since 2024-07 it seems that Reddit returns Forbidden instead of Unauthorized when no token is present. --janssen-io (Stan)
                            || res.StatusCode == HttpStatusCode.InternalServerError  // On rare occasion, a valid request will return a status code of 500, particularly if under heavy load.  --Kris
                            || res.StatusCode == 0)  // On rare occasion, a valid request will return a status code of 0, particularly if under heavy load.  --Kris
                        && retry > 0)
                {
                     // ...

[thedarklort]

Thank you,

I had that problem too for like a month that sometimes when i try to restart my bot it just instantly threw that 403.
It usually fixed itself after some time.

But this little change worked perfectly

[janssen-io]

I created a fork where I fixed this, but because I'm not entirely sure this is fixing the root cause rather than a symptom, I didn't open a PR yet. For anyone else in need of this fix, there's a DLL in the Releases of the fork as well.

I then simply replace the DLL before I deploy my bot:
https://github.com/janssen-io/ReviewBot/blob/9ade9d9f3c308001baf5ec208fcbc6e79950a384/.github/workflows/deploy.yml#L43-L46

    - name: Patch Reddit.NET
      shell: bash
      run: |
        wget -O "$RELEASE_DIR/Reddit.NET.dll" https://github.com/janssen-io/sirkis-Reddit.NET/releases/latest/download/Reddit.NET.dll

[origine999]

I figured that was the cause, thanks for the fix! Probably a good fix would be to fetch the access token when there is none cached, instead of relying on Reddit to return 401.

[p-julien]

Thank you for the fix!

[cultpodcasts]

Awesome work! This fixes it for me. Thank you for making a fix available. Looking forward to a long-term fix

[sirkris]

My hunch is that Reddit used to respond with 401 - Unauthorized and changed this.

Your hunch is correct. I really wish Reddit would notify SDK maintainers when they make BC-breaking changes like this. :/

Anyway, I'll put out a hotfix for this soon. Thanks for the heads-up!

[fluxion-dev]

My hunch is that Reddit used to respond with 401 - Unauthorized and changed this.

Your hunch is correct. I really wish Reddit would notify SDK maintainers when they make BC-breaking changes like this. :/

Anyway, I'll put out a hotfix for this soon. Thanks for the heads-up!

When can we expect a fix?

[enclave-marc-barry]

Bumping this issue, the current latest nuget release (1.5.2) of this library is non-functional for me :(

[sirkris]

I just haven't had time to work on it recently. I'm hoping to get something pushed out soon. Life just keeps getting in the way right now.

…

On Mon, Jan 20, 2025 at 1:46 PM Marc Barry ***@***.***> wrote: Bumping this issue, the current latest nuget release (1.5.2) of this library is non-functional for me :( — Reply to this email directly, view it on GitHub <#185 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFTJZOXKH5R52I4IV75XOT2LVVCHAVCNFSM6AAAAABLOB7UNKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMBTGI3DSMRUGY> . You are receiving this because you were assigned.Message ID: ***@***.***>

[enclave-marc-barry]

Understood @sirkris, anything we can do to help?

@janssen-io thanks for solving the issue and sharing binaries. For anyone else watching, I got @janssen-io's forked build to work by dropping the dll and pdb files from here into lib/ in my project directory, and editing csproj as follows:

1. Remove the reference to the existing nuget package until an update is available

   <PackageReference Include="Reddit" Version="1.5.2" />
   

2. Reference explicitly dependencies for @janssen-io's build

   <PackageReference Include="Newtonsoft.Json" Version="11.0.0" />
   <PackageReference Include="RestSharp" Version="106.6.9" />
   

3. Include DLLs with the build

   <ItemGroup>
     <Reference Include="Reddit.NET">
       <HintPath>lib/Reddit.NET/Reddit.NET.dll</HintPath>
     </Reference>
   </ItemGroup>