
Access token length check is too strict #4

Closed
Shub77 opened this issue Oct 18, 2021 · 5 comments
Labels
bug Something isn't working

Comments

Shub77 (Contributor) commented Oct 18, 2021

In the _create_headers(self) method of the OneDrive class there is a check which requires the Access Token length to be >= 1800 bytes.

```python
def _create_headers(self) -> None:
    """INTERNAL: Create headers for the http request to the Graph API."""
    # Check access token is reasonably long which should indicate that it is a valid access token
    if len(self._access_token) < 1800:
        raise Exception(
            "Invalid access token was provided (too short), try clearing it from the config.json file."
        )
    # Set headers
    self._headers = {
        "Accept": "*/*",
        "Authorization": "Bearer " + self._access_token,
    }
```

The Access Tokens retrieved from my response urls are shorter, ~1024 bytes, but are valid ones. I modified the raise call so that it reports the length of the Access Token, see last line of traceback: 1164 bytes.

```
Traceback (most recent call last):
  File "src\graph_onedrive\_cli.py", line 323, in <module>
    raise SystemExit(main())
  File "src\graph_onedrive\_cli.py", line 35, in main
    authenticate()
  File "src\graph_onedrive\_cli.py", line 109, in authenticate
    onedrive = graph_onedrive.create_from_config_file(
  File "C:\Users\shub\Documents\programmazione\graph-onedrive\src\graph_onedrive\_main.py", line 71, in create_from_config_file
    onedrive_instance = create(
  File "C:\Users\shub\Documents\programmazione\graph-onedrive\src\graph_onedrive\_main.py", line 32, in create
    return OneDrive(
  File "C:\Users\shub\Documents\programmazione\graph-onedrive\src\graph_onedrive\_onedrive.py", line 78, in __init__
    self._create_headers()
  File "C:\Users\shub\Documents\programmazione\graph-onedrive\src\graph_onedrive\_onedrive.py", line 181, in _create_headers
    raise Exception(
Exception: Invalid access token was provided (too short, length: 1164), try clearing it from the config.json file.
```

Fixing the size check, I found out the token is valid and works, even if it is shorter than 1800 bytes.

@dariobauer dariobauer self-assigned this Oct 19, 2021
@dariobauer dariobauer added the bug Something isn't working label Oct 19, 2021
@dariobauer dariobauer mentioned this issue Oct 19, 2021
dariobauer added a commit that referenced this issue Oct 19, 2021
Fixes and improvements to the validation of authorization codes and access tokens, resolves issue #4.
dariobauer (Owner) commented

@Shub77 I have made a fix to this. Let me know if this is resolved for you or if you are still experiencing issues.

Shub77 (Contributor, Author) commented Oct 20, 2021

> @Shub77 I have made a fix to this. Let me know if this is resolved for you or if you are still experiencing issues.

Now a warning is issued. This happens because the access_token I got is not in JWT format at all. As you wrote in the comment, MS Docs note that Azure may not always use the JWT format, so I suppose this is what happens.

@Shub77 Shub77 closed this as completed Oct 20, 2021
@dariobauer dariobauer reopened this Oct 20, 2021
dariobauer (Owner) commented Oct 20, 2021

Per the OAuth specification, access tokens are opaque strings without a set format - some identity providers (IDPs) use GUIDs, others use encrypted blobs. The Microsoft identity platform uses a variety of access token formats depending on the configuration of the API that accepts the token. Custom APIs registered by developers on the Microsoft identity platform can choose from two different formats of JSON Web Tokens (JWTs), called "v1" and "v2", and Microsoft-developed APIs like Microsoft Graph or APIs in Azure have additional proprietary token formats. These proprietary formats might be encrypted tokens, JWTs, or special JWT-like tokens that will not validate.

I think the solution is to remove validation of the access token. If the token is invalid the Graph API will return an error to a request.

I will include this change in the next release, but you should still be able to use the current release given it only issues a warning.
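The two comments above (the original 1800-byte check and the decision to drop format validation and let the API reject bad tokens) can be illustrated with the following example. It is added here and is not graph-onedrive's own code: `create_headers` and `should_discard_token` are hypothetical names, and the only client-side check it keeps is the Bearer credential grammar from RFC 6750 section 2.1, which permits any length and does not require a JWT. The sample tokens and the `WWW-Authenticate` challenge strings are constructed for the demo; the challenge shape follows RFC 6750 section 3, not any captured Microsoft Graph response.

```python
import re
from typing import Dict, Optional

# RFC 6750 section 2.1 defines the Bearer credential syntax as
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# Any length is allowed, and nothing says the token must be a JWT.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# RFC 6750 section 3: a 401 challenge may carry error="..." explaining the rejection.
_CHALLENGE_ERROR = re.compile(r'\berror="?([A-Za-z_]+)"?')


def create_headers(access_token: str) -> Dict[str, str]:
    """Build Graph request headers without guessing at token length or format.

    The only client-side check is whether the string can be sent as a Bearer
    credential at all: it must be non-empty and must not contain characters
    (whitespace, newlines, quotes, non-ASCII) that the b64token grammar forbids
    and that could corrupt or split the Authorization header.
    """
    if not isinstance(access_token, str) or not access_token:
        raise ValueError("No access token available; re-run authentication.")
    if not _B64TOKEN.fullmatch(access_token):
        raise ValueError(
            "Access token contains characters that cannot appear in a Bearer credential."
        )
    return {"Accept": "*/*", "Authorization": "Bearer " + access_token}


def challenge_error(www_authenticate: Optional[str]) -> Optional[str]:
    """Extract the error code from a WWW-Authenticate: Bearer challenge, if any."""
    match = _CHALLENGE_ERROR.search(www_authenticate or "")
    return match.group(1) if match else None


def should_discard_token(status_code: int, www_authenticate: Optional[str]) -> bool:
    """Decide from the API response whether the cached token should be thrown away.

    Per RFC 6750 section 3.1, error="invalid_token" (expired, revoked, malformed)
    means a fresh token is needed; a bare 401 with no error code is treated the
    same way. insufficient_scope or invalid_request are not fixed by refreshing,
    so the cached token is kept and the caller should surface the error instead.
    """
    if status_code != 401:
        return False
    error = challenge_error(www_authenticate)
    return error is None or error == "invalid_token"


if __name__ == "__main__":
    # Constructed sample tokens: an opaque 1164-character string like the one in
    # the traceback, and a JWT-shaped one. Neither is a real credential.
    opaque_token = "EwB" + "A" * 1161
    jwt_like_token = "eyJhbGciOiJub25lIn0.eyJzdWIiOiJ4In0.c2ln"
    for tok in (opaque_token, jwt_like_token):
        print(len(tok), create_headers(tok)["Authorization"][:24] + "...")

    # Constructed 401 challenges in the RFC 6750 shape.
    expired = 'Bearer realm="", error="invalid_token", error_description="Token expired"'
    no_consent = 'Bearer error="insufficient_scope", scope="Files.Read"'
    print(should_discard_token(401, expired), should_discard_token(401, no_consent))
```

The point of the split is that the client never judges validity from the token's shape: a 1164-byte opaque blob and a three-part JWT are both accepted, while the decision to clear `config.json` is driven by the server's 401 challenge rather than by a length heuristic.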

Shub77 (Contributor, Author) commented Oct 20, 2021

Yes, thank you.

dariobauer (Owner) commented

Latest commit has removed the access token validation.
