Insomnia: [Bug] Switching environments will re-use a stale chained request value

Created on 18 Dec 2017 · 15Comments · Source: Kong/insomnia

Insomnia Version: 5.12.4
Operating System: Windows 10 Pro (10.0.16299.125)

Details

If a workspace contains a chained request value (e.g. a bearer token) and there is more than one environment (e.g. development and staging), if a request is executed in development that requires a chained request value, that value will persist if switching to the other environments.

Steps to Reproduce

Create "Development" environment
Create "Staging" environment
Create POST request which retrieves OAuth 2.0 Bearer token
Create GET request which requires Authorization: Bearer <token> header
Fill Auth Bearer Token value with Response => Body Attribute macro, executing the POST Token request from Step 3.
Execute request, and ensure bearer token was used in the request successfully
Switch environments
Execute the same request. Note that the previous bearer token was cached and used as part of the request (and, presumably, you will get either a 400 Bad Request or 401 Unauthorized error).

accepted

Source

qJake

👍4

Most helpful comment

This is very similar to issue #260
It would be awesome to see these 2 questions solved in a similar manner - like an option at the workspace level to reset all the stored responses/tokens when switching between environments.

fcottet on 4 May 2020

👍2

All 15 comments

👋 Thanks for opening your first issue! If you're reporting a 🐞 bug, please make sure
you include steps to reproduce it. If you're requesting a feature 🎁, please provide real
use cases that would benefit. 👪

To help make this a smooth process, please be sure you have first read the
contributing guidelines.

welcome[bot] on 18 Dec 2017

Hi @qJake, thanks for the great issue report!

To clarify, this is not a bug but a limitation of the feature. The Response => Body Attribute simply pulls the value from the latest response of that request, meaning it has no concept of environments.

I think this can actually be treated as a larger issue with environments in general. Perhaps environments should affect the user's workflow more than they do? For example, only showing responses sent using the currently-active environment would prevent this from being an issue _and_ possibly even be the desired outcome.

P.S. This does not solve the problem, but I'm curious... How come you are not using the official OAuth 2.0 support?

gschier on 18 Dec 2017

We interface with a custom third-party API we don't control, and they don't implement "proper" OAuth 2.0. I wish we could use it. 😄

I'm curious - you said it only pulls the last response from the referenced request - if there is no response, does it execute that request first in the background?

If so, would it be possible to just delete the "cache" upon an environment switch, so to speak? Or would that mess up some other use cases for environments...?

If it helps, I consider an environment an isolated entity - I would not want my staging responses being used in development, or worse, my production responses used somewhere else inadvertently. (Granted, this is just a random bearer token, but still.) We also use the environment switcher for accessing different client servers occasionally (we're talking a dozen or so, sometimes less) - so obviously any persistent data between those environments could present a problem (at the very least, auth won't work, as I reported ⏫).

For what it's worth, we just switched from Postman and I'm already loving Insomnia a lot more, so keep up the great work!

qJake on 19 Dec 2017

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] on 17 Feb 2018

Could this be marked as an enhancement for future work on environments? I just don't want it to get closed - I think it's still a viable addition to Insomnia!

qJake on 19 Feb 2018

I just ran into this using the official OAuth 2 support, it was completely unexpected. I certainly would like the "responses from one environment not available in another" feature. Would love to see that

devinsba on 19 Feb 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] on 20 Apr 2018

Bad stale bot! Bad!

Paging @gschier - can we switch this to an enhancement request so it doesn't get closed? Would love to see this functionality improve in future versions!

qJake on 23 Apr 2018

Yep, now it won't close 😄

gschier on 23 Apr 2018

🎉2

FWIW I just ran into the same issue -- we use bearer JWT tokens with multiple environments (dev, staging, prod, etc) and tokens are generated by scoping them to a single environment. Caching them across environments in my case was unexpected. What's the best way for us to help with this @gschier ?

jmillxyz on 5 May 2018

👍1

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] on 3 May 2019

Bad bot! No stale tag! This is still something I'd love to see - essentially having the history / response cache be per-environment instead of global. Would have numerous benefits!

qJake on 8 May 2019

Sorry about that. I was changing up the issue tag descriptions so the stale bot went on a rampage!

gschier on 8 May 2019

😄1

I have a follow-up suggestion to this that may work or be a bit easier to implement with regards to the suggestion above...

I noticed a new feature, Trigger Behavior, on the Response function. Would it be possible to add a new Trigger Behavior called "On Environment Change" that would cause the request to re-execute if the user switched environments? This would satisfy my previous concern about cross-contaminating environments and auth tokens.

Thoughts?

qJake on 24 May 2019

fcottet on 4 May 2020

👍2

Was this page helpful?

0 / 5 - 0 ratings