Speckle token - lack of error handling in specklepy


It seems that no proper authentication and error handling is performed in specklepy when a token is invalid or doesn’t have the correct accesses.

When a bad token is used (either completely invalid token, or does not have streams:write access), during operations.send() it attempts to send a request to the server, but at some point in the requests module a 401 error is returned, so the request was unauthorized. I didn’t look very closely into what happens next, but I believe it’s trying to somehow decode the response, but since it was unauthorized, that’s not possible, so finally the error we get is this:

This is the relevant code snippet:

# Create Speckle client
client = SpeckleClient(host=speckle_server_url)

# Authenticate Speckle client

# Initiate server transport
transport = ServerTransport(client=client, stream_id=stream_id)

# Convert MEP project to Speckle
speckle_project = project.to_speckle()

# Serialize the Speckle object
speckle_obj = operations.send(base=speckle_project, transports=[transport])

During the client.authenticate(), we would expect that it would be checked if the token is at all valid, but even with a completely invalid token, authenticated is still set to True.
And during the operations.send(), a proper error should be returned if the token is invalid or does not have proper access.


heya, thanks for reporting this!

this is totally one of those smaller issues that has come up before and been buried by other things :sweat_smile: sorry about that! totally agree that it’s important - I will bump it up in the priorities and try to get it out asap :sparkles:


I see! Thanks for bumping it up, and for the quick reply! :smiley:

1 Like


just letting you know that specklepy 2.5.2 is building now and should be available to download very soon!

this new version will give you a warning when constructing a client with an invalid token (though it won’t throw an exception so you can still use it for public read operations). the error should now be caught and raised as a SpeckleException in operations.send() if you try to send and get an invalid response back