finchClient.connect.sessions.new returns 401 for valid newly created accessToken

[isabinin]

HTTP 401 is returned for the following code snippet:
const accessTokenResponse = await finchAccessClient.accessTokens.create({ code: event.arguments.code, client_id: process.env.FINCH_CLIENT_ID, client_secret: process.env.FINCH_CLIENT_SECRET, redirect_uri: event.arguments.redirectUri ?? undefined, }); const finchClient: Finch = new Finch({accessToken: accessTokenResponse.access_token}); const createConnectSessionResponse = await finchClient.connect.sessions.new({ products: accessTokenResponse.products, customer_id: event.arguments.accountId, customer_name: accountName, integration: { provider: accessTokenResponse.provider_id, }, minutes_to_expire: 525600, // 1 year sandbox: "finch", });
Error response headers:
"headers": { "connection": "keep-alive", "content-length": "88", "content-security-policy": "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests", "content-type": "application/json; charset=utf-8", "cross-origin-opener-policy": "same-origin", "cross-origin-resource-policy": "same-origin", "date": "Wed, 09 Oct 2024 04:56:36 GMT", "etag": "W/\"58-QJN6fjo5fSoBFO57KQ4+ChQL4Zs\"", "finch-request-id": "dc8ad920-85fa-11ef-adc8-b3c324f42378", "origin-agent-cluster": "?1", "referrer-policy": "no-referrer", "strict-transport-security": "max-age=31536000; includeSubDomains", "x-content-type-options": "nosniff", "x-dns-prefetch-control": "off", "x-download-options": "noopen", "x-frame-options": "SAMEORIGIN", "x-permitted-cross-domain-policies": "none", "x-xss-protection": "0" }

[dgellow]

Hi @isabinin, what version of the finch SDK are you using? And could you try to install the latest version and tell us if that fixes the issue?

[isabinin]

"node_modules/@tryfinch/finch-api": {
  "version": "6.6.0",
  "resolved": "https://registry.npmjs.org/@tryfinch/finch-api/-/finch-api-6.6.0.tgz",
  "integrity": "sha512-C77GTTdYEU5EBe2qYi7jrFSS5GrSg8AK1ccgv0dnzqdHZIfe33CS94ydA+olRyZ4ev6c6lU/fLna+kViQ6iYeQ==",

[isabinin]

As you can see I use access token for authentication but I'm getting the following error message:
"message": "401 {"error":"client_id and client_secret are required in body or headers using basic auth"}",

Other Finch APIs (e.g. HRIS) are working fine with the same access token

[dgellow]

Thanks for the details, that does indeed look like an SDK issue. We are looking into it

[dtmeadows]

Hey @isabinin thanks again for flagging this! We should have a fix for this going out in release 6.7.0.

One small note though: you want to create a session before requesting an accessToken. There's a bit more details here on the ideal flow: https://developer.tryfinch.com/implementation-guide/Connect/Set-Up-Finch-Connect#create-a-connect-session

[isabinin]

The fix didn't resolve the issue, I'm getting the same error.

"finch-request-id": "6dec4cd0-8779-11ef-b8ee-97d3c1a3758c",

"node_modules/@tryfinch/finch-api": {
  "version": "6.7.0",

[dtmeadows]

Hey @isabinin could you share the code and the errors you're seeing this time around? The following snippet is working for me on 6.7.0:

const client = new Finch({
  clientId: 'client_id',
  clientSecret: 'client_secret',
});

const createConnectSessionResponse = await client.connect.sessions.new({
  products: ['ssn'],
  customer_id: 'customer_id',
  customer_name: 'customer',
  integration: { provider: 'provider_id' },
  minutes_to_expire: 129600,
});

[isabinin]

Thank you for the code sample, it didn't work with accessToken authentication, but it works with clientId/clientSecret auth.