Closed Bug 1551952 Opened 1 year ago Closed 1 year ago

Nightly repeatedly creating and deleting FxA Oauth tokens


(Firefox :: Sync, defect)

68 Branch
Not set



Firefox 68
Tracking Status
firefox68 --- fixed


(Reporter: jbuck, Assigned: glasserc)





(3 files)

Several Nightly users have reported a bug starting today (2019-05-15) where their sync logs show Error: HTTP 401 Unauthorized: Missing Authorization Token (Please authenticate yourself to use this endpoint.) for Sync.Engine.Extension-Storage.

Looking at the fxa-oauth request logs, there have been 25x more requests per hour in calls to /v1/authorize and /v1/destroy by Nightly users compared to 2019-05-14 and other release channels: .

Regressed by: 1547995
```
17:12.06 INFO: No more inbound revisions, bisection finished.
17:12.06 INFO: Last good revision: b23f1b4655818d6d64517ddd7fa74fae1fbd9507
17:12.06 INFO: First bad revision: 8fb278dd620a5dab42e6ecc175ab7418ec62a72a
17:12.06 INFO: Pushlog:
```

I think the new request made in is not being passed the relevant options.

I've opened to address the issue. Once this is reviewed and landed, we can cut another release of kinto.js. Landing that new release in mozilla-central should be straightforward.

It's a bit surprising the (somewhat extensive) tests didn't catch this. The mock server in toolkit/components/extensions/test/xpcshell/test_ext_storage_sync.js should have returned a 404 for this call. I would have expected this to be an exception.

This fixes the bug where the call to getData was not passing
authentication information.

I haven't figured out yet why the tests didn't catch it or written a test that would have, but here's a fix.

Ugh. OK I wrote a test that should catch it and it indicates that my fix was bad. So, don't merge this.

This doesn't apply to httpd requests, so give it a name that makes it
clear what it applies to.

OK, so this test should catch it. I'm going to open another PR now that I think I fixed it. is the next attempt at a fix.

Attachment #9065284 - Attachment description: Bug 1551952: Update kinto-offline-client.js to v12.4.1 → Bug 1551952: Update kinto-offline-client.js to v12.4.2
Pushed by
Rename assertAuthenticatedRequest r=leplatrem
Check Authorization on all get requests r=leplatrem
Update kinto-offline-client.js to v12.4.2 r=leplatrem
Assignee: nobody → eglassercamp
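
The test-side lesson of this bug (a request that is not passed the caller's auth options should fail the test, as in "Check Authorization on all get requests"), shown as an added example that is not code from kinto.js or the Firefox test suite. The mock server, client, routes and token are hypothetical and constructed for illustration.

```javascript
// Added illustration; every name and value here is hypothetical and constructed.
// Mock server: each route requires Authorization, and each request is recorded.
function makeMockServer(validToken) {
  const log = [];
  const routes = {
    "/collections/storage": { id: "storage" },
    "/collections/storage/records": [{ id: "r1" }],
  };
  function handle(path, options = {}) {
    const auth = (options.headers || {}).Authorization;
    const authorized = auth === `Bearer ${validToken}`;
    log.push({ path, authorized });
    if (!authorized) return { status: 401, body: null };
    if (!(path in routes)) return { status: 404, body: null };
    return { status: 200, body: routes[path] };
  }
  return { handle, log };
}

// Client whose listRecords() issues a secondary metadata request first.
class Client {
  constructor(server, token, forwardOptions) {
    this.server = server;
    this.options = { headers: { Authorization: `Bearer ${token}` } };
    this.forwardOptions = forwardOptions;
  }
  fetchMetadata() {
    // Regression pattern: a newly added request that drops the caller's options.
    const opts = this.forwardOptions ? this.options : {};
    return this.server.handle("/collections/storage", opts);
  }
  listRecords() {
    const meta = this.fetchMetadata();
    const recs = this.server.handle("/collections/storage/records", this.options);
    return { metaStatus: meta.status, recordsStatus: recs.status };
  }
}

// Test-side check over all recorded requests, not only the one under test.
function unauthenticatedPaths(server) {
  return server.log.filter((r) => !r.authorized).map((r) => r.path);
}

function runScenario(forwardOptions) {
  const server = makeMockServer("constructed-token");
  const client = new Client(server, "constructed-token", forwardOptions);
  return { result: client.listRecords(), missingAuth: unauthenticatedPaths(server) };
}
```

With `forwardOptions` set to `false`, the primary request still succeeds while the secondary one is rejected, so only a check across every recorded request exposes the missing header.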