
Changing the environment doesn't invalidate my authentication token

Michaël Arnauts·7 months ago
Needs Triage · Bug · Improvement

I have created environments for switching between different users using OAuth2. The clientId, tokenUrl or authorizationUrl stays the same, but the username and password are different.

This has been reported before (https://feedback.yaak.app/en/p/token-not-refreshing-when-switching-environments), but since the keys are clientId, tokenUrl and authorizationUrl, this doesn’t cause the token to switch when only the user credentials are different.

Wouldn’t it be best to use a full hash of the configuration of the authentication as a key? Right now, I always have to click “Delete Token” when I change my environments.

Windows · 2025.9.3

Comments (3)


Michaël Arnauts (OP)

Still happens in 2026.3.0. As a workaround, I add the email to the Access Token URL (it seems to be ignored by the server), so the token does change when I change my environment.

Still a bit of an ugly workaround…

Michaël Arnauts (OP)

I have opened a merge request here: https://github.com/mountain-loop/yaak/pull/426

Brunno Vanelli

This also happens for me. The easiest way to see the issue is to check the TokenStoreArgs:

  const tokenArgs: TokenStoreArgs = {
    contextId,
    clientId,
    accessTokenUrl,
    authorizationUrl: null,
  };

When changing the user for the same backend (because of fine permission control), all properties stay the same and the cache is re-used.

A workaround (for me using Keycloak) was to add a dummy parameter to the Access Token URL:

${[ authUrl ]}/auth/realms/foobar/protocol/openid-connect/token?username=${[ authUsername ]}

This way, the username will always be used on the cache.

In https://github.com/mountain-loop/yaak/pull/426 the OP included the username as a key identifier, but this is not a generic way to do it, e.g., the clientSecret cannot be exchanged for something else.

A solution could also be to include the environment as an identifier for the hash, but then it causes issues if you log in with one user, but want to exchange it without using an environment.
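Added example, not part of the thread and not Yaak's own code: a sketch of the "hash the full authentication configuration" idea from the original post, compared with a key built only from the four TokenStoreArgs fields quoted above. The AuthConfig type, its extra fields, the function names and the sample values are assumptions made for illustration; the key is derived from resolved values, so it does not depend on which environment supplied them.

```typescript
import { createHash } from "node:crypto";

// Hypothetical shape of a resolved OAuth2 configuration. Only contextId, clientId,
// accessTokenUrl and authorizationUrl appear in the thread; the rest is assumed.
type AuthConfig = {
  contextId: string;
  clientId: string;
  clientSecret?: string;
  accessTokenUrl: string;
  authorizationUrl: string | null;
  username?: string;
  password?: string;
  scope?: string;
};

// JSON keeps field boundaries unambiguous (no "a|b"+"c" vs "a"+"b|c" collisions);
// SHA-256 keeps the password and client secret out of the stored key itself.
function canonicalHash(value: unknown): string {
  return createHash("sha256").update(JSON.stringify(value)).digest("hex");
}

// Key built only from the four fields in the quoted TokenStoreArgs.
function narrowKey(c: AuthConfig): string {
  return canonicalHash([c.contextId, c.clientId, c.accessTokenUrl, c.authorizationUrl]);
}

// Key built from every defined field, sorted by name so property order is irrelevant.
function fullKey(c: AuthConfig): string {
  const names = (Object.keys(c) as (keyof AuthConfig)[]).sort();
  return canonicalHash(names.filter((k) => c[k] !== undefined).map((k) => [k, c[k]]));
}

// Constructed sample data: same client and endpoints, different users.
const base = {
  contextId: "req_1",
  clientId: "my-client",
  accessTokenUrl: "https://idp.example/token",
  authorizationUrl: null,
};
const alice: AuthConfig = { ...base, username: "alice@example.com", password: "pw-a" };
const bob: AuthConfig = { ...base, username: "bob@example.com", password: "pw-b" };
// Same user, rotated client secret: a username-only key would miss this change.
const rotated: AuthConfig = { ...alice, clientSecret: "new-secret" };

console.log("narrow key shared by alice and bob:", narrowKey(alice) === narrowKey(bob));
console.log("full key shared by alice and bob:", fullKey(alice) === fullKey(bob));
console.log("full key survives secret rotation:", fullKey(alice) === fullKey(rotated));
```

With the narrow key, the token cached for one user is served to the other; the full key separates both the user switch and the secret rotation.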
