Closed Bug 2036792 Opened 13 days ago Closed 12 days ago

FxA Oauth Token destruction is racy.

Categories

(Firefox :: IP Protection, defect)

Product:
Firefox
Component:
IP Protection
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
152 Branch
Tracking Flags:
Tracking Status
firefox-esr140 --- unaffected
firefox150 --- unaffected
firefox151 --- unaffected
firefox152 --- fixed

People

(Reporter: sstreich, Assigned: sstreich, NeedInfo)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [fx-vpn])

Attachments

(1 file)

Bug 2036792 - make sure requests have concluded before desposing the token r=#ip-protection-reviewers
48 bytes, text/x-phabricator-request
Details

The changes in 2034525 allowed the option for the destroy path to be called before the /token request has concluded, this caused a flaky race situation.

Assignee: nobody → sstreich
Whiteboard: [fx-vpn]

Set release status flags based on info from the regressing bug 2034525

status-firefox150: --- → unaffected
status-firefox151: --- → unaffected
status-firefox152: --- → affected
status-firefox-esr140: --- → unaffected

If we don't await the call to guardian client but instantly return the promise, the FxA token destroy request will be sent while request to guardian is mid-flight.

Do you think that bug 2036612 might be related?

Pushed by sstreich@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/3efa4fcefd25 https://hg.mozilla.org/integration/autoland/rev/b4d3fe5dc9e9 make sure requests have concluded before desposing the token r=ip-protection-reviewers,fchasen,kpatenio
Duplicate of this bug: 2036612

https://hg.mozilla.org/mozilla-central/rev/b4d3fe5dc9e9

Status: NEW → RESOLVED
Closed: 12 days ago
status-firefox152: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 152 Branch

We have verified this using Firefox Nightly 152.0a1 (2026-05-05) build on Windows 11.
The VPN can e turned on. Is there something else that QA can verify here? Thank you!

Flags: needinfo?(sstreich)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: