Open Bug 985504 Opened 6 years ago Updated 2 years ago

Solicit user credentials once on receiving invalid-client-state response from server

Categories

(Firefox for Android :: Android Sync, defect, P5)

Firefox 29
All
Android
defect

Tracking

()

Tracking Status
fennec + ---

People

(Reporter: rnewman, Assigned: nalexander)

References

(Blocks 1 open bug)

Details

(Whiteboard: [qa+])

AaronMT just saw an odd situation in which both desktop and Android starting receiving invalid-client-state errors from the server.

This might well be a server bug, but still, there are things we should do better:

* On receiving invalid-client-state, either immediately or after a number of retries, transition to Separated, not Cohabiting.

* Ask the user for credentials, persisting a derivative of the old credentials to determine whether the user re-entered the old ones. If they entered the old ones again, there's no point continuing to ask; enter the Android account hard error state and be done.

There's a balance here between detecting a "real" problem -- perhaps the user's key changed elsewhere, and i-c-s is accurate -- and being robust against some kind of transient error.
are there STR?  Train-06, going out this afternoon, fixes a bug in js-client that has this same error.
Whiteboard: [qa+]
Removed, re-added desktop account, still stuck in a re-auth loop:

https://gist.github.com/AaronMT/7e8ed47d96736593a6e0
i suspect you're seeing this: https://bugzilla.mozilla.org/show_bug.cgi?id=982798

train6 should go out later today.
No password change attempted.
Per Bug 985611, it looks like something made a request to this account with an empty X-Client-State header.  This "should never happen" but clearly it has.  I'll file some bugs about server-side mitigation to prevent this in future.

You should be able to get the account out of this stage by resetting your password.  We'll work on a slightly less brutal recovery path.
(In reply to Ryan Kelly [:rfkelly] from comment #6)
> You should be able to get the account out of this stage by resetting your
> password.  We'll work on a slightly less brutal recovery path.

Confirmed working now by doing so.
tracking-fennec: --- → ?
Assignee: nobody → nalexander
tracking-fennec: ? → 31+
Being realistic about tracking, because we have lots and lots of things to do.

Do we still think this is a problem in the wild, chaps?
tracking-fennec: 31+ → +
filter on [mass-p5]
Priority: -- → P5
Product: Android Background Services → Firefox for Android
You need to log in before you can comment on or make changes to this bug.