Been chasing this for a few days.
Had users reporting issues with various exporting tools in a powerup that i build.
After a lot of debugging and mails with individuals having this issue i found that
getRestApi().getToken()
returns “&error=Token%20request%20rejected” after a user have pressed “Deny” on the authorization popup when using something like:
.getRestApi().authorize({ scope: ‘read,write’, expiration: ‘never’ });
to get authorized to use the RESTApi. This is new, and not something it had done before. Before it raised an exception if i aren’t mistaken, at least that is what my code have been handling for years.
Now. If user deny, then it for whatever reason gets the “&error=Token%20request%20rejected“ value stored in the token on Trello’s side. This means that any getToken() calls from there on out think it has a valid token.
This causes getRestApi().isAuthorized() to return true when it should in fact be false as the token itself is a query string error indicating rejected.
I have had to work around this by making my own isAuthorized and own getToken methods that checks the token value and rejects those containing &error=.
Is this already on Trello’s radar? Must be causing havoc for some powerups, mine included 