Closed
Bug 979009
Opened 10 years ago
Closed 10 years ago
sync failing with invalid-client-state
Categories
(Cloud Services Graveyard :: Server: Token, defect)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
People
(Reporter: edwong, Unassigned)
References
Details
(Whiteboard: [qa+])
still trying to find STR but here's the error i'm getting right now
1393887410784 Sync.BrowserIDManager ERROR Background fetch for key bundle failed: AuthenticationError(TokenServerClientServerError({"now":"2014-03-03T22:56:50.782Z","message":"Authentication failed.","cause":"invalid-client-state","response_body":"{\"status\": \"invalid-client-state\", \"errors\": [{\"location\": \"body\", \"name\": \"\", \"description\": \"Unauthorized\"}]}","response_headers":{"content-type":"application/json; charset=UTF-8","date":"Mon, 03 Mar 2014 22:56:52 GMT","server":"nginx/1.4.4","x-timestamp":"1393887412","content-length":"111","connection":"keep-alive"},"response_status":401}))
1393887410785 Sync.Status DEBUG Status.login: error.login.reason.no_recoverykey => error.login.reason.no_recoverykey
1393887410785 Sync.Status DEBUG Status.service: service.client_not_configured => service.client_not_configured
|
||
Comment 1•10 years ago
|
||
That is expected to happen after you reset your password. Is that what you did? Hopefully it prompted you to "Reconnect to Sync" in the hamburger menu and pref panel.
Flags: needinfo?(edwong)
|
Reporter | |
Comment 2•10 years ago
|
||
somehow this account is hosed. I think these are my steps: 1. do something cause reauth flow 2. go into prefs > forget email 3. sign in with a different accout actual: you'll end up in this state. other info: 1. Chris used my account and repro'd this with my account 2. I could repro after restart 3. once i changed password, this fixed the problem.
Flags: needinfo?(edwong)
|
|
Reporter | |
Comment 3•10 years ago
|
||
Hmm. I invalidated my session forcing a reauth flow, and followed my steps - but that didn't repro this issue. So we don't have good STR still. :ckarlof who should investigate? It's a slight edge case but getting out of this state sucks.
Blocks: 905997
|
|
Reporter | |
Comment 4•10 years ago
|
||
I just repro'd this with using the TPS account user:crossweaveservices@restmail.net pw: crossweaveservicescrossweaveservices 1394165122714 Sync.BrowserIDManager ERROR Authentication error in _fetchTokenForUser: AuthenticationError(TokenServerClientServerError({"now":"2014-03-07T04:05:22.682Z","message":"Authentication failed.","cause":"invalid-client-state","response_body":"{\"status\": \"invalid-client-state\", \"errors\": [{\"location\": \"body\", \"name\": \"\", \"description\": \"Unauthorized\"}]}","response_headers":{"content-type":"application/json; charset=UTF-8","date":"Fri, 07 Mar 2014 04:05:23 GMT","server":"nginx/1.4.4","x-timestamp":"1394165123","content-length":"111","connection":"keep-alive"},"response_status":401})) 1394165122714 Sync.Status DEBUG Status.login: success.login => error.login.reason.no_recoverykey 1394165122714 Sync.Status DEBUG Status.service: success.status_ok => service.client_not_configured 1394165122714 Sync.SyncScheduler DEBUG Clearing sync triggers and the global score.
Component: Server: Firefox Accounts → Server: Token
|
||
Comment 6•10 years ago
|
||
The invalid-client-state is supposed to signal that you're logging in with an old password, and should re-login with your updated password. If you're in this state but are using the currently-valid FxA password, the only way out of it is to do a password reset. This is by design and as intended. So the question is: how did you get the TPS account into this state? And if it's there by accident, is it due to client or server shenanigans?
|
|
||
Comment 7•10 years ago
|
||
I'll also note that Bug 972070 has been known to put an account into this invalid-client-state by accident, due to using an assertion from the old account with the encryption keys from the new account.
|
|
||
Comment 8•10 years ago
|
||
Edwin, is this with Nightly or Aurora? Bug 972070 landed on 03-03-14 and hasn't been uplifted to Aurora yet.
|
|
Reporter | |
Comment 9•10 years ago
|
||
fyi: * I repro'd again with an older version of nightly. with a different account. * updated nightly to today 3/8, still repro * changed password * fixed - syncing as expected now. I'm assuming any users who previously didn't switch accounts before 3/3/14, will not be affected by this issue. Closing as fixed.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 10•10 years ago
|
||
running into this after changing my password, it blocks TPS from running. I changed it once, then back to fix the invalid client state. user:crossweaveservices@restmail.net pw: crossweaveservicescrossweaveservices 1394472871654 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871654 Sync.Service DEBUG Caching URLs under storage user base: https://sync-2-us-east-1.sync.services.mozilla.com/1.5/71679/ 1394472871654 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871654 Sync.AddonsReconciler INFO Registering as Add-on Manager listener. 1394472871654 Sync.AddonsReconciler DEBUG Adding change listener. 1394472871655 Sync.Tracker.History INFO Adding Places observer. 1394472871679 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871680 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871680 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472872098 Sync.BrowserIDManager ERROR fxa.getAssertion() failed with: 401 - Invalid authentication token in request signature 1394472872098 Sync.BrowserIDManager ERROR Authentication error in _fetchTokenForUser: AuthenticationError(Unable to get assertion for user) 1394472872099 Sync.Status DEBUG Status.login: success.login => error.login.reason.account 1394472872099 Sync.Status DEBUG Status.service: success.status_ok => error.login.failed 1394472872099 Sync.BrowserIDManager ERROR Background fetch for key bundle failed: AuthenticationError(Unable to get assertion for user)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
||
Updated•10 years ago
|
Whiteboard: [qa+]
|
|
||
Comment 11•10 years ago
|
||
> fxa.getAssertion() failed with: 401 - Invalid authentication token in request signature
This is an FxA server error, failing to authenticate to get a fresh certificate. It doesn't appear related to the invalid-client-state issue. Are there additional logs that show interaction failing with the tokenserver?Flags: needinfo?(edwong)
|
|
Reporter | |
Comment 12•10 years ago
|
||
logged bug 981864 closing this
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Flags: needinfo?(edwong)
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
Resolution: FIXED → WORKSFORME
|
||
Updated•1 year ago
|
Product: Cloud Services → Cloud Services Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•