fix(trello): use OAuth Authorization header for attachment downloads#950
Merged
zbigniewsobiecki merged 1 commit intodevfrom Mar 18, 2026
Merged
Conversation
Trello's attachment download endpoint (/1/cards/{id}/attachments/{id}/download/...)
requires an Authorization: OAuth header and does NOT accept key/token query-param
auth, causing all attachment downloads to return 401 and downloadAttachment() to
return null (root cause of the image-download null warnings seen in run 6a3d92d5).
Switch from appending key/token as query params to passing an OAuth header via the
existing authHeaders parameter of downloadMedia() — the same pattern already used
by the JIRA client with Basic auth. Update all four downloadAttachment unit tests to
assert header-based auth and use realistic Trello attachment URLs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
trelloClient.downloadAttachment()was appendingkeyandtokenas query parameters to the URL. Trello's attachment download endpoint (/1/cards/{id}/attachments/{id}/download/{filename}) does not accept query-param auth — it requires anAuthorization: OAuthrequest header, causing 401s andnullreturns silently.downloadMedia(url, { Authorization: \OAuth oauth_consumer_key="...", oauth_token="..."` })— the same header-auth pattern the JIRA client already uses with Basic auth. TheauthHeadersparameter ofdownloadMedia()` already existed for exactly this purpose.downloadAttachmentunit tests to assert header-based auth (no query params on the URL, correctAuthorizationheader value). Test assertions usetoEqualfor clean object comparison, no type casts.Closes the image download null warnings first observed in run
6a3d92d5.Test plan
npx vitest run tests/unit/trello/client.test.ts— 53 tests passnpm test— 5963 tests pass, no regressionsnpx tsc --noEmit— no type errors🤖 Generated with Claude Code