forgejo-contrib-forgejo-cli-issues-406.md
Watch20
Star402
Fork
You've already forked forgejo-cli
CodeIssues 44Pull requests 8Releases 11Packages 2WikiActivity
Closed
opened 2026-04-10 16:31:51 +02:00 by balejk · 8 comments
balejk commented 2026-04-10 16:31:51 +02:00
Copy link
Commands such as fj issue view forgejo-contrib/forgejo-cli#405 will work as expected, i. e. show the issue description in this case.
An error is printed:
Error: api error: token was already used
Location:
src/keys.rs:132:36
fj was logged in via oauth only a day ago and all has worked fine until now.
I don't know if this is reproducible, but here is what I did: Authorized fj via oauth, used it for a day. Attempted to close an issue with --with-msg without any argument so that an editor was opened. Kept the editor running for about half an hour, then saved the close message and exited the editor. Instead of the issue being closed, the following error appeared, all subsequent commands now return the above error:
Error: unexpected status code 401 Unauthorized
Location:
src/issues.rs:892:9
fj Versionfj v0.4.1
user agent: forgejo-cli/0.4.1 (https://codeberg.org/forgejo-contrib/forgejo-cli/)
build type: from source
target: x86_64-unknown-linux-musl
Codeberg instance
fj issue view forgejo-contrib/forgejo-cli#405 will work as expected, i. e. show the issue description in this case. ### Actual Behavior An error is printed: Error: api error: token was already used Location: src/keys.rs:132:36 fj was logged in via oauth only a day ago and all has worked fine until now. ### Steps to Reproduce I don't know if this is reproducible, but here is what I did: Authorized fj via oauth, used it for a day. Attempted to close an issue with --with-msg without any argument so that an editor was opened. Kept the editor running for about half an hour, then saved the close message and exited the editor. Instead of the issue being closed, the following error appeared, all subsequent commands now return the above error: Error: unexpected status code 401 Unauthorized Location: src/issues.rs:892:9 ### fj Version text fj v0.4.1 user agent: forgejo-cli/0.4.1 (https://codeberg.org/forgejo-contrib/forgejo-cli/) build type: from source target: x86_64-unknown-linux-musl ### Forgejo Version Codeberg instance ### Code of Conduct - [x] I agree to act in accordance with the CoC & AI Agreement. - [x] This issue was not generated by an LLM, even in part.balejk added the Kind/Bug label 2026-04-10 16:31:51 +02:00
Cyborus commented 2026-04-11 17:08:58 +02:00
Member
Copy link
Yeah, I've run into this problem too, and I have no clue what's causing it. All I know so far is it only happens with OAuth.
Yeah, I've run into this problem too, and I have no clue what's causing it. All I know so far is it only happens with OAuth.
Cyborus added the [ Reviewed
Confirmed ](/forgejo-contrib/forgejo-cli/issues?labels=173007) label 2026-04-11 17:09:10 +02:00
balejk commented 2026-04-11 22:04:49 +02:00
Author
Copy link
I have not tried reauthenticating yet in case you asked me to perform some tests, but since you have run into this also, I assume you were able to perform all you could think of yourself and so I can relogin?
As for the problem, if I understand correctly, the issue is that the oauth refresh token that fj submits to forgejo in order to obtain a new access token, is somehow invalid. The message and the comment in the forgejo source would suggest that it is somehow outdated and is being reused but I don't know enough about oauth to know how/if refresh tokens are rotated.
Is it possible that the refresh token is not being updated (re-saved) somewhere in fj when it should be (e. g. after some operation which leads to a new token being issued)?
I have not tried reauthenticating yet in case you asked me to perform some tests, but since you have run into this also, I assume you were able to perform all you could think of yourself and so I can relogin? As for the problem, if I understand correctly, the issue is that the oauth refresh token that fj submits to forgejo in order to obtain a new access token, is somehow invalid. The message and the comment in the forgejo source would suggest that it is somehow outdated and is being reused but I don't know enough about oauth to know how/if refresh tokens are rotated. Is it possible that the refresh token is not being updated (re-saved) somewhere in fj when it should be (e. g. after some operation which leads to a new token being issued)?
Cyborus commented 2026-04-12 19:04:08 +02:00
Member
Copy link
No, you're fine to reauthenticate. I don't wanna hold you up too long. I've had it happen more than once, I'm sure I'll come across it again, I'll test it then.
Is it possible that the refresh token is not being updated (re-saved) somewhere in fj when it should be (e. g. after some operation which leads to a new token being issued)?
...maybe? The refresh token is used and replace in the same function though, I don't know how it would fail to replace it.
No, you're fine to reauthenticate. I don't wanna hold you up too long. I've had it happen more than once, I'm sure I'll come across it again, I'll test it then. > Is it possible that the refresh token is not being updated (re-saved) somewhere in fj when it should be (e. g. after some operation which leads to a new token being issued)? ...maybe? The refresh token is used and replace in the same function though, I don't know how it would fail to replace it.
Cyborus commented 2026-04-13 20:41:57 +02:00
Member
Copy link
The refresh token is used and replaced in the same function though
Ah! I think I've found the problem, and this is actually mistaken! If fj uses the refresh token, and you Ctrl+C to kill it in the same invocation, the new refresh token never gets written to disk.
> The refresh token is used and replaced in the same function though Ah! I think I've found the problem, and this is actually mistaken! If fj uses the refresh token, *and* you Ctrl+C to kill it in the same invocation, the new refresh token never gets written to disk.
balejk commented 2026-04-14 09:07:53 +02:00
Author
Copy link
I don't think I've killed fj though. I was thinking more something along the lines that the refresh token didn't get saved because the initial operation failed due to the 401 error -- although I don't know where that came from either.
Again, I know very little about oauth and in particular about how long the access token is valid, but if it happens to be shortlived, is it possible that fj obtained it along with the refresh token when I tried to close the issue but then it expired before I finished typing up the close message causing the 401 and the refresh token to not be saved?
As for the Ctrl+C, I really don't recall doing that. Some things that I have done (but I cannot recall when with respect to these errors) were: suspending the process briefly while in editor via Ctrl+Z which I don't expect should cause these problems; and causing the editor to fail (exit with non-zero code) in order to cancel the whole fj operation.
I don't think I've killed fj though. I was thinking more something along the lines that the refresh token didn't get saved because the initial operation failed due to the 401 error -- although I don't know where that came from either. Again, I know very little about oauth and in particular about how long the access token is valid, but if it happens to be shortlived, is it possible that fj obtained it along with the refresh token when I tried to close the issue but then it expired before I finished typing up the close message causing the 401 and the refresh token to not be saved? As for the Ctrl+C, I really don't recall doing that. Some things that I have done (but I cannot recall when with respect to these errors) were: suspending the process briefly while in editor via Ctrl+Z which I don't expect should cause these problems; and causing the editor to fail (exit with non-zero code) in order to cancel the whole fj operation.
Cyborus commented 2026-04-14 15:00:57 +02:00
Member
Copy link
I don't think I've killed fj though.
Huh. That's interesting if it reproduces it but isn't the only cause.
is it possible that fj obtained it along with the refresh token when I tried to close the issue but then it expired before I finished typing up the close message causing the 401 and the refresh token to not be saved?
That's almost certainly what caused the 401, but it should still write the new key in that case. There used to be a bug where it wouldn't, but (at least I thought) I fixed that.
As for the Ctrl+C, I really don't recall doing that. Some things that I have done (but I cannot recall when with respect to these errors) were: suspending the process briefly while in editor via Ctrl+Z which I don't expect should cause these problems; and causing the editor to fail (exit with non-zero code) in order to cancel the whole fj operation.
hmmm, those shouldn't have caused it either. Did you ever have two instances of fj running at the same time..? I could see that possibly causing it.
> I don't think I've killed fj though. Huh. That's interesting if it reproduces it but isn't the only cause. > is it possible that fj obtained it along with the refresh token when I tried to close the issue but then it expired before I finished typing up the close message causing the 401 and the refresh token to not be saved? That's almost certainly what caused the 401, but it should still write the new key in that case. There *used* to be a bug where it wouldn't, but (at least I thought) I fixed that. > As for the Ctrl+C, I really don't recall doing that. Some things that I have done (but I cannot recall when with respect to these errors) were: suspending the process briefly while in editor via Ctrl+Z which I don't expect should cause these problems; and causing the editor to fail (exit with non-zero code) in order to cancel the whole fj operation. hmmm, those shouldn't have caused it either. Did you ever have two instances of fj running at the same time..? I could see that possibly causing it.
balejk commented 2026-04-14 15:16:17 +02:00
Author
Copy link
hmmm, those shouldn't have caused it either. Did you ever have two instances of
fj running at the same time..? I could see that possibly causing it.
Oh, yeah, I certainly think I might have run some fj issue view... in another terminal while composing the close message, maybe even several times.
> hmmm, those shouldn't have caused it either. Did you ever have two instances of > fj running at the same time..? I could see that possibly causing it. Oh, yeah, I certainly think I might have run some fj issue view... in another terminal while composing the close message, maybe even several times.
Cyborus referenced this issue from a pull request that will close it, 2026-04-15 23:26:03 +02:00 fix(oauth): save new token immediately after refreshing #417
Cyborus added this to the v0.5.0 milestone 2026-04-15 23:42:27 +02:00
Cyborus closed this issue 2026-04-16 18:00:45 +02:00
balejk commented 2026-04-16 18:11:23 +02:00
Author
Copy link
Thanks!
Thanks!
❤️ 1
Sign in to join this conversation.
No Branch/Tag specified
main
renovate/lock-file-maintenance
renovate/serde-saphyr-0.x
docs/contributing
no-port-in-refspec
login/v16.next.forgejo.org
crates-io-publish
0.5.x
compile-time-fluent
0.4.x
localization-alias-demo
api_url_field
v0.5.0
v0.4.1
v0.4.0
v0.3.0
v0.2.0
v0.1.1
v0.1.0
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels[ Kind/Breaking Breaking change that won't be backward compatible
](#)[ Kind/Bug Something is not working
](#)[ Kind/Design Discussion about UI/UX design
](#)[ Kind/Documentation Documentation changes
](#)[ Kind/Enhancement Improve existing functionality
](#)[ Kind/Feature New functionality
](#)[ Kind/Security This is security issue
](#)[ Kind/Testing Issue or pull request related to testing
](#)[ Kind/Upstream This is an issue with upstream software (Forgejo) that is probably not our fault
](#)
[ Priority
Critical The priority is critical
](#)[ Priority
High The priority is high
](#)[ Priority
Low The priority is low
](#)[ Priority
Medium The priority is medium
](#)
[ Reviewed
Confirmed Issue has been confirmed
](#)[ Reviewed
Duplicate This issue or pull request already exists
](#)[ Reviewed
Invalid Invalid issue
](#)[ Reviewed
Won't Fix This issue won't be fixed
](#)
[ Status
Abandoned Somebody has started to work on this but abandoned work
](#)[ Status
Blocked Something is blocking this issue or pull request
](#)[ Status
Need More Info Feedback is required to reproduce issue or to continue work
](#)
[ Suspicious
](#)
No labels Kind/Breaking Kind/Bug Kind/Design Kind/Documentation Kind/Enhancement Kind/Feature Kind/Security Kind/Testing Kind/Upstream [ Priority
Critical ](/forgejo-contrib/forgejo-cli/issues?labels=173012) [ Priority
High ](/forgejo-contrib/forgejo-cli/issues?labels=173013) [ Priority
Low ](/forgejo-contrib/forgejo-cli/issues?labels=173015) [ Priority
Medium ](/forgejo-contrib/forgejo-cli/issues?labels=173014) [ Reviewed
Confirmed ](/forgejo-contrib/forgejo-cli/issues?labels=173007) [ Reviewed
Duplicate ](/forgejo-contrib/forgejo-cli/issues?labels=173005) [ Reviewed
Invalid ](/forgejo-contrib/forgejo-cli/issues?labels=173006) [ Reviewed
Won't Fix ](/forgejo-contrib/forgejo-cli/issues?labels=173008) [ Status
Abandoned ](/forgejo-contrib/forgejo-cli/issues?labels=173011) [ Status
Blocked ](/forgejo-contrib/forgejo-cli/issues?labels=173010) [ Status
Need More Info ](/forgejo-contrib/forgejo-cli/issues?labels=173009) Suspicious
Milestone
Clear milestone
No items
No milestone v0.5.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
Notifications Subscribe
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".
No due date set.
Dependencies
No dependencies set.
Reference
forgejo-contrib/forgejo-cli#406
WritePreview
Loading…
Add table
| Rows | | | Columns | |
CancelOK
Add a link
Url Description Hint: With a URL in your clipboard, you can paste directly into the editor to create a link.
CancelOK
CancelSave
Reference in a new issue
Repository
forgejo-contrib/forgejo-cli
Title
Body
Create issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
No Yes