[TOKEN_INVALID]: An invalid token was provided - heroku

I'm trying to host a Discord bot on Heroku.
When it starts I get this error:
"UnhandledPromiseRejectionWarning: Error [TOKEN_INVALID]: An invalid token was provided".
But here is the weird part. It worked fine when I tested it first in Visual Studio Code. So in the process of me getting the files into Heroku, it got invalid.
Does anyone have a clue of how I can fix this?
Thx for any replies in advance.

When deploying the app on Heroku, you have to change your client.login(token) to client.login(process.env.token) and add token to
as token - key and value - token copied from the Discord Developer Portal. Remember (important note!): the letters have to be the same. I mean, if you use capitals in process.env.TOKEN, the config var now has to be TOKEN.

I ran into a similar problem. I encrypted the token so that I could store the encrypted token on Heroku and decrypt it in the JS to pass the actual token to the login method.
The weird part is, if I write the token directly as a string into the JS file, or I use Heroku and store it directly there, then it works. But if I store the encrypted token in Heroku and decrypt it (and yes, it is correctly decrypted) and give the decrypted token to the login method, then it does not work.
I dunno if Heroku does some weird stuff or discord.js doesn't support something I don't know...
So, what definitely works is:
You insert the token (client secret) in Heroku's config vars (settings of your dyno), then you use process.env.BOT_TOKEN and pass it to your Discord.Client().login().
I assume in your case it's bot.login(process.env.BOT_TOKEN).
So for me it looks like the value I store in Heroku and the value I send to Discord must be the same...

You should enter a valid Discord bot token. You can obtain it by going to the Discord Developer Portal, then "Applications", select your bot, then go to "Bot" and click "Copy" under the token (it says click here to reveal).

I also encountered this situation.
I discovered that when using dotenv to read data from a .env file (Run on my computer), the names are not case sensitive. (could be wrong)
For example, TOKEN will be able to be treated as token, meaning process.env.token can be returned with the value of TOKEN in the .env file.
But when I run on Heroku, what I just said will be gone (process.env.token will not return the value of TOKEN, but the token). Try double-checking that the name matches and correct it.
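A startup check for the naming issue these answers describe, as an added example that is not part of any post in the thread: Heroku dynos run Linux, where process.env keys are case-sensitive, while Node.js documents process.env as case-insensitive on Windows. The helper name resolveToken and the variable name BOT_TOKEN are assumptions, and the sample values are placeholders.

```javascript
// Added example. BOT_TOKEN and the helper name resolveToken are assumptions.
// Failure reasons name the variable but never echo its value, so they are safe to log.
function resolveToken(env, name) {
  const value = env[name];
  if (value === undefined) {
    // Exact-case lookup failed: look for a key that differs only in case.
    const near = Object.keys(env).find(
      (k) => k.toLowerCase() === name.toLowerCase()
    );
    return {
      ok: false,
      reason: near
        ? `${name} is not set, but ${near} is: the names differ in case`
        : `${name} is not set`,
    };
  }
  if (value.trim() === '') {
    return { ok: false, reason: `${name} is empty` };
  }
  if (value !== value.trim()) {
    return { ok: false, reason: `${name} has leading or trailing whitespace` };
  }
  if (/^(["']).*\1$/.test(value)) {
    return { ok: false, reason: `${name} is wrapped in quotes` };
  }
  return { ok: true, token: value };
}

// Constructed environments (placeholder values, not real tokens).
function demo() {
  return [
    resolveToken({ TOKEN: 'placeholder.token.value' }, 'token'),
    resolveToken({ BOT_TOKEN: 'placeholder.token.value\n' }, 'BOT_TOKEN'),
    resolveToken({ BOT_TOKEN: 'placeholder.token.value' }, 'BOT_TOKEN'),
  ].map((r) => (r.ok ? 'ok' : r.reason));
}

console.log(demo());
// In the bot: const r = resolveToken(process.env, 'BOT_TOKEN');
// if (!r.ok) { console.error(r.reason); process.exit(1); }
// client.login(r.token);
```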

Like you've said, you logged into your bot with bot.login('TOKEN', () => { console.log; })
but bot.login doesn't support callback functions.
What I mean by this is, instead of the code before, you change it to bot.login('TOKEN').

Related

JWT-Authentication of multiple Laravel-APIs with the same token

I have a laravel / angular app secured with tymon/jwt-auth.
Now I need a separate Laravel (or Lumen) API. I want this API to accept the same tokens as the first one. I assumed that this would work if I would set the same secret and mount the middleware.
It doesn't. Using a freshly generated token I can query the first API but not the new one. Why is that? Is something else besides the secret used to verify the token?
What would be a good way to make this work? I would not mind to make a completely new authentication.
Edit: So it seems like a connection to the database is needed to verify the token. Maybe it checks if the user specified in the token is actually present in the DB?
Edit2: Tore Nestenius commented about Aud-Claims. I wanted to go to the config/jwt.php file to check on that. But I had forgotten to create one. Now it works.
The aud claim in the token must match what both APIs expect to see in the access token. I am glad my comment helped you to solve your issue.
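Why a shared secret alone does not settle whether a second API accepts a token, as an added example that is not from this thread or from tymon/jwt-auth: a generic HS256 verifier that accepts the signature and then still rejects the token on the aud claim. The secret, the audience names api-one and api-two and the function names are constructed.

```javascript
// Added example: a generic HS256 check, not tymon/jwt-auth's code.
// The secret and the audience names api-one / api-two are constructed.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

function sign(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

function verify(token, secret, expectedAud, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  // 1. Signature: the only step where the shared secret matters.
  const given = Buffer.from(sig, 'base64url');
  const expected = hmac(`${head}.${body}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // 2. Pin the algorithm instead of trusting whatever the header says.
  if (!header || header.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  // 3. Claims: a correctly signed token can still be rejected here.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  const aud = [].concat(claims.aud === undefined ? [] : claims.aud);
  if (!aud.includes(expectedAud)) return { ok: false, reason: 'aud mismatch' };
  return { ok: true, sub: claims.sub };
}

// Constructed scenario: both APIs share the secret, the token names one audience.
const SECRET = 'constructed-shared-secret';
const token = sign({ sub: '42', aud: 'api-one', exp: 2000 }, SECRET);
console.log(verify(token, SECRET, 'api-one', 1000)); // accepted by the first API
console.log(verify(token, SECRET, 'api-two', 1000)); // same secret, still rejected
```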

How to invalidate mobile personal access token after backend deletion?

I am using Laravel as my backend together with Sanctum which generates personal access token for mobile users. For my mobile application I am using flutter.
To authenticate users they login with their username/password and get a personal access token in return. This works but requires a user to login every time they open the application again so I did what most tutorials suggest which is saving the token on the mobile device using shared preferences/secure storage.
Now comes the question: how do you invalidate a user when you remove their token from the backend? On initial login it appears everything is still fine because, like in most tutorials, I check for the existence of a token. After that, whenever I want to make a request which uses the token, I obviously run into problems because it no longer exists on the backend.
Most tutorials/guides suggest saving the token and using that as a reference to see if the user is logged in or not, but this seems flawed because it gives the false impression you actually have a valid token.
My guess is this can be solved by always performing a heartbeat/ping action to check if the current token is valid and if not send them to the login screen instead of simply checking for the existence of the token.
Thoughts on this?
I can suggest a hack or trick here: on every launch of the app, you can send a request to an API to check whether the user's token is valid. If it is valid, you can continue into the app; otherwise, force the user to log in and generate a new token. This way your app will be secure via the server / API.
For this, you can store the user's secret token in the database, check it via an HTTP API call, send a response from the API accordingly, then check the response in the app and do the next operation according to the response you get.
I don't know if this is a great way of doing this job but it is a kind of hack/trick to achieve what is needed.
Thanks

Slack OAuth : Invalid permissions requested for local testing

For my local testing
I am trying to get and save the user's access token from slack.
The first step is to get user's permission, I am trying to redirect the user to the following URL -
https://slack.com/oauth/v2/authorize?scope=commands,bot&client_id=<MY_CLIENT_ID>&redirect_uri=https://localhost:3000/slack-verify/
The request then redirects the user(currently me) to
https://<MY-WORKSPACE>.slack.com/oauth?client_id=<CLIENT_ID>&redirect_uri=https%3A%2F%2Flocalhost%3A3000%2Fslack-verify%2F&state=&scope=commands%2Cbot&user_scope=&granular_bot_scope=1&team=&install_redirect=&single_channel=0&tracked=1
Ideally it should return with a code in GET parameters, but it displays an error on the screen -
<APP NAME> could not be installed. Error details
Invalid permissions requested
What is wrong here?
Edit: Replaced localhost with an ngrok URL as well, but that does not work either.
steps to reproduce
https://slack.com/oauth/v2/authorize?scope=commands,bot&client_id=<MY_CLIENT_ID>&redirect_uri=https://localhost:3000/slack-verify/
just put your client id and redirect uri local if any.
Redirecting to your ngrok address generally works perfectly.
To make it work you need to
have the ngrok app running on your local machine and
include your personal ngrok address in the call to Slack.
It should look something like this:
https://slack.com/oauth/v2/authorize?scope=commands,bot&client_id=<MY_CLIENT_ID>&redirect_uri=https://12345678.eu.ngrok.io/slack-verify/
In my case, adding im:write permission to the user token scopes was causing this issue. Slack doesn't provide any helpful error message, hence debugging becomes harder.
Changing "User Token Scopes" back to identity.basic and identity.email, made it work.

Fail to confirm user. 400 Bad Request - Invalid app key

I am experiencing problems with the email validation in the Appcelerator platform. I have everything configured right and the email arrives in my inbox when a new user is created, but, for some reason, the link to activate the account returns: Fail to confirm user. 400 Bad Request - Invalid app key
I checked in the tiapp.xml and checked if the API keys are properly configured and everything is alright. I have no idea how Appcelerator generates this link to verify what happens. In my template I use the link below:
https://cloud.appcelerator.com/users/confirmation?key={{key}}&confirmation_token={{confirmation_token}}
What am I doing wrong? =[
Seems that the documentation is wrong. Only works if the link in the template is https://platform.appcelerator.com/#/users/confirmation/{{key}}/{{confirmation_token}}
I just encountered the same issue and can confirm the bug in the documentation. The correct url is indeed
https://platform.appcelerator.com/#/users/confirmation/{{key}}/{{confirmation_token}}
I'd like to add that there is probably a similar defect in the following documentation for password reset url:
http://docs.appcelerator.com/arrowdb/latest/#!/api/Users-method-request_reset_password
The documentation says the password reset url (if using Appcelerator instead of custom website) should be
https://dashboard.appcelerator.com/#/users/confirmation/{{key}}/{{confirmation_token}}
It seems wrong (copy-paste from email confirmation url perhaps).

facebookadsapi invalid appsecret-proof in python

I'm new to the Facebook Marketing API and I'm trying to run the example custom_audience_utils.py script only to have it return an error message displaying "Invalid appsecret_proof provided in the API argument". I turned off appsecret_proof in my app. What am I doing wrong?
I was getting the same error. It turned out that I was using the wrong access token. You might want to check that.
I had generated the access token using the Graph API Explorer. By default the Graph API explorer generates a token for itself (see the application selection pull down on the top right of the page). I was using the app id for my own app (and hence the token was incorrect).
Once I generated a new token for my own app - and used it in the code - the appsecret_proof error went away.
Hope this helps.
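Why a token generated for another app produces this error, as an added example that is not from the thread, the SDK or Facebook: appsecret_proof is the hex HMAC-SHA256 of the access token keyed with the app secret, so a proof made with one app's secret cannot match a token issued to a different app. The receiving-side check here is a constructed model, and all app names, secrets and tokens are placeholders.

```javascript
// Added example: a constructed model, not Facebook's code or the SDK's.
// App names, secrets and tokens below are placeholders.
const crypto = require('crypto');

// appsecret_proof: hex HMAC-SHA256 of the access token, keyed with the app secret.
function appsecretProof(accessToken, appSecret) {
  return crypto.createHmac('sha256', appSecret).update(accessToken).digest('hex');
}

// Model of the receiving side: the proof is recomputed with the secret of the
// app the token was issued to, whatever app the caller believes it is using.
function checkProof(accessToken, proof, tokenOwner, appSecrets) {
  const owner = tokenOwner[accessToken];
  if (owner === undefined) return 'unknown token';
  const expected = Buffer.from(appsecretProof(accessToken, appSecrets[owner]), 'hex');
  const given = Buffer.from(String(proof), 'hex');
  const same =
    given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return same ? 'ok' : 'invalid appsecret_proof';
}

const APP_SECRETS = { 'explorer-app': 'explorer-secret', 'my-app': 'my-app-secret' };
const TOKEN_OWNER = {
  'token-from-explorer': 'explorer-app',
  'token-for-my-app': 'my-app',
};

// The caller always signs with its own app's secret.
function callAsMyApp(accessToken) {
  const proof = appsecretProof(accessToken, APP_SECRETS['my-app']);
  return checkProof(accessToken, proof, TOKEN_OWNER, APP_SECRETS);
}

console.log(callAsMyApp('token-from-explorer')); // invalid appsecret_proof
console.log(callAsMyApp('token-for-my-app')); // ok
```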
