Goodreads Developers discussion

questions > Access token contains random-length comment

Comments Showing 1-3 of 3 (3 new)    post a comment »
dateDown arrow    newest »

message 1: by John (last edited Nov 02, 2014 02:06PM) (new)

John Chapman (jsatellite) | 3 comments When my app requests an access token from /oauth/access_token, it receives a two-line string containing both the token followed by a comment filled with random characters. When I subsequently try to use this string for authentication, it fails. The returned token looks like this:

<!-- reallylonglineofrandomcharactersthatgoesonforever -->

This sort of thing is usually done when a server thinks it's coming under attack. So does the Goodreads API think my app is a security risk? I'm merely going through the standard OAuth workflow. Of course I can strip the random characters off the access token string, but I'd rather not.

Any ideas? Thanks.

message 2: by Jeffrey (last edited Nov 05, 2014 03:23PM) (new)

Jeffrey (jeffwong) | 74 comments Mod
Our API isn't suspecting that your app is a security risk. This is a bug on our end because the random padding is only supposed to go on HTML responses, not XML. Thanks for bringing it to our attention and we'll look into fixing it.

However, the token still works, correct? Are you able to perform POSTs with it?

message 3: by John (new)

John Chapman (jsatellite) | 3 comments Everything seems to be working normally now. Thanks.

back to top