Closed
Bug 1092080
Opened 10 years ago
Closed 10 years ago
Can't sign into Firefox Accounts - Invalid Token
Categories
(Cloud Services :: Operations: Miscellaneous, task)
Cloud Services
Operations: Miscellaneous
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: standard8, Unassigned)
References
Details
(Whiteboard: [qa+])
We're unable to log into Firefox accounts via Loop or Sync using the latest nightly or beta.
When attempting to do so, the following message is returned:
{"code":401,"errno":110,"error":"Unauthorized","message":"Invalid authentication token in request signature","info":"https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#response-format"}
This is happened on at least endpoints:
POST https://api.accounts.firefox.com/v1/certificate/sign
GET https://api.accounts.firefox.com/v1/recovery_email/status
STR:
1) Set up a new profile on Firefox Nightly or Firefox Beta
2) If on Beta, move the Hello button out of the customise options onto the toolbar
3) Open the Hello panel
4) Select "Sign in or sign up"
5) Enter the username and password on the tab that appears
Expected Results
- You get logged in
Actual Result
- It displays "Invalid Token"
The responses are as above.
Using profiles that have already been signed into the FxA server seem to work fine.
I've also reproduced this on a sync login.
|
||
Comment 1•10 years ago
|
||
We are seeing another 410 110 response (never seen before). It might be related.
E/GeckoConsole( 2206): Content JS LOG at app://loop.services.mozilla.com/js/helpers/client_request_helper.js:95 in _request/req.onload: ERROR 401: {"code":401,"errno":110,"error":"Malformed audience"}
|
|
||
Comment 2•10 years ago
|
||
(In reply to José Antonio Olivera Ortega [:jaoo] from comment #1)
> We are seeing another 410 110 response (never seen before). It might be
> related.
>
> E/GeckoConsole( 2206): Content JS LOG at
> app://loop.services.mozilla.com/js/helpers/client_request_helper.js:95 in
> _request/req.onload: ERROR 401: {"code":401,"errno":110,"error":"Malformed
> audience"}
We are sending the right audience:
E/GeckoConsole( 1761): Content JS LOG at app://loop.services.mozilla.com/js/utils.js:145 in u_parseClaimAssertion: Payload assertion {"exp":2203149669034,"aud":"app://loop.services.mozilla.com"}
|
|
||
Comment 3•10 years ago
|
||
(In reply to José Antonio Olivera Ortega [:jaoo] from comment #1)
> We are seeing another 410 110 response (never seen before). It might be
> related.
>
> E/GeckoConsole( 2206): Content JS LOG at
> app://loop.services.mozilla.com/js/helpers/client_request_helper.js:95 in
> _request/req.onload: ERROR 401: {"code":401,"errno":110,"error":"Malformed
> audience"}
Oops I forgot to comment that the trace I posted here was what the server responsed after sending a invalid assertion when hitting the same issue Mark reported. When the assertion is valid everything works.
|
||
Comment 4•10 years ago
|
||
1414763296893 Sync.BrowserIDManager ERROR Failed to fetch a token for authentication: AuthenticationError(TokenServerClientServerError({"now":"2014-10-31T13:48:16.889Z","message":"Authentication failed.","cause":"invalid-client-state","response_body":"{\"status\": \"invalid-client-state\", \"errors\": [{\"location\": \"body\", \"name\": \"\", \"description\": \"Unauthorized\"}]}","response_headers":{"content-type":"application/json; charset=UTF-8","date":"Fri, 31 Oct 2014 13:48:16 GMT","x-timestamp":"1414763296","content-length":"111","connection":"keep-alive"},"response_status":401}))
From 21.10.2014 up to now and still continues.
|
||
Comment 5•10 years ago
|
||
Quick note, Firefox Accounts was rolled back to a previous version (train-23) for now until we resolve the "invalid token" problem.
|
||
Updated•10 years ago
|
Whiteboard: [qa+]
|
||
Comment 6•10 years ago
|
||
After the rollback, things are mostly "normal". We're still investigating.
|
|
||
Comment 7•10 years ago
|
||
This should be resolved.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Comment 8•10 years ago
|
||
Michal, can you please open a separate bug for your "invalid-client-state" error if there isn't one already? I don't think it's related to the other issues seen in this bug.
Flags: needinfo?(mpurzynski)
|
|
||
Comment 9•10 years ago
|
||
How about I bundle entire directory with errors from 25.10 up to now in a separate bug? Is there anything sensitive there that should not be public?
Flags: needinfo?(mpurzynski)
|
||
Comment 10•10 years ago
|
||
Chris, Nick Desaulniers is seeing the bug 1059787 version of this behavior again on FxOS 2.0. He may be using an out-of-date build; he's not sure. Can you give me any detail about what fixed it on the server side?
Flags: needinfo?(ckarlof)
|
|
||
Comment 11•10 years ago
|
||
I don't think Bug 1059787 is related to this fix.
This bug here was an error talking to the FxA server endpoints. As far as I can tell it was triggered by a new deployment last week, and was fixed when we rolled back that deployment.
Bug 1059787 had been around for some time prior to that deployment and I would not expect it to have been fixed by the rollback. We've also never seen Bug 1059787 before with sync, whereas this bug was reproducible on sync. So I strongly suspect they are not related.
You need to log in
before you can comment on or make changes to this bug.
Description
•