[4.0] [OIDC] "No connection configured" after application access was removed in Keycloak #10494

Closed
2 tasks done
michaelstingl opened this issue Feb 9, 2023 · 3 comments · Fixed by #10553
Labels
p2-high Escalation, on top of current planning, release blocker type:bug

Comments

@michaelstingl
Contributor

Pre-submission Checks

  • I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
  • I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Describe the bug

When the 4.0 client starts after application access was removed in Keycloak, it shows a misleading "No connection configured" message.

Expected behavior

The client should start with a proper login prompt after a token refresh failure.

Steps to reproduce the issue

  1. Connect 4.0 desktop sync client to https://ocis.team.owncloud.works
  2. Restart 4.0 desktop sync client ✅ (testpilotcloud-0209_21.58.39.341.log.gz)
  3. Quit 4.0 desktop sync client
  4. Remove application access in Keycloak (https://keycloak.team.owncloud.works/auth/realms/oCIS/account/#/applications)
  5. Launch 4.0 desktop sync client ➡️ "No connection configured" ⚠️ (testpilotcloud-0209_22.00.18.892.log.gz)
  6. Quit 4.0 desktop sync client
  7. Launch 4.0 desktop sync client ➡️ Prompts for login ✅ (testpilotcloud-0209_22.01.15.586.log.gz)

Screenshots

Desktop Client

CleanShot 2023-02-09 at 21 59 15 CleanShot 2023-02-09 at 22 00 33 CleanShot 2023-02-09 at 22 01 35
(2) Restart 4.0 desktop sync client ✅ (5) Launch 4.0 desktop sync client ➡️ "No connection configured" ⚠️ (7) Launch 4.0 desktop sync client ➡️ Prompts for login ✅

Keycloak

CleanShot 2023-02-09 at 21 59 27 CleanShot 2023-02-09 at 21 59 33 CleanShot 2023-02-09 at 22 02 49

Logs

https://cloud.owncloud.com/index.php/f/5963264

testpilotcloud-0209_21.58.39.341.log.gz
testpilotcloud-0209_22.00.18.892.log.gz
testpilotcloud-0209_22.01.15.586.log.gz

Client version number

% /Applications/testpilotcloud.app/Contents/MacOS/testpilotcloud --version    
sync.utility: migrateLaunchOnStartup: has launch agent plist: true has deprecated launch on startup: false
testpilotcloud testpilotcloud 4.0.0.10074-daily20230209
6ba0a9
Libraries Qt 5.15.8, OpenSSL 1.1.1t  7 Feb 2023
Using virtual files plugin: suffix
osx-22.2.0

Desktop environment (Linux only)

No response

Client package version and origin (Linux only)

No response

Installation path (Windows only)

No response

Server information

https://ocis.team.owncloud.works

ownCloud Web UI 6.0.0-rc.6 
Infinite Scale 2.0.0-rc.1 Community 

Additional context

No response

@michaelstingl michaelstingl added type:bug p2-high Escalation, on top of current planning, release blocker labels Feb 9, 2023
@michaelstingl michaelstingl added this to the 4.0 milestone Feb 9, 2023
@michaelstingl
Contributor Author

After response from token endpoint:

23-02-09 22:00:19:457 [ info sync.httplogger ]:	"4f4e9011-7fa3-41b2-8066-1cb21901aed0:
Request: POST https://keycloak.team.owncloud.works/auth/realms/oCIS/protocol/openid-connect/token
Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Macintosh) mirall/4.0.0.10074-daily20230209 (testpilotcloud, osx-22.2.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, X-Request-ID: 4f4e9011-7fa3-41b2-8066-1cb21901aed0, Original-Request-ID: 4f4e9011-7fa3-41b2-8066-1cb21901aed0, Content-Length: 914, }
Data: [client_id=XXXXXXXXXX&client_secret=XXXXXXXXXX&scope=openid%20offline_access%20email%20profile&grant_type=refresh_token&refresh_token=XXXXXXXXXX]"
23-02-09 22:00:19:541 [ info sync.httplogger ]:	"4f4e9011-7fa3-41b2-8066-1cb21901aed0:
Response: POST 400 (Error: Error transferring https://keycloak.team.owncloud.works/auth/realms/oCIS/protocol/openid-connect/token - server replied: Bad Request,83ms) https://keycloak.team.owncloud.works/auth/realms/oCIS/protocol/openid-connect/token
Header: { Cache-Control: no-store, Content-Length: 78, Content-Type: application/json, Date: Thu, 09 Feb 2023 21:00:19 GMT, Pragma: no-cache, Referrer-Policy: no-referrer, Strict-Transport-Security: max-age=31536000; includeSubDomains, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 1; mode=block, }
Data: [{\"error\":\"invalid_grant\",\"error_description\":\"Offline user session not found\"}]"
23-02-09 22:00:19:542 [ debug sync.credentials.http ]	[ OCC::HttpCredentials::fetchUser ]:	user already set, no need to fetch from settings
23-02-09 22:00:19:542 [ info sync.account ]:	Clearing cookies
23-02-09 22:00:19:542 [ info sync.credentials.manager ]:	del "testpilotcloud_credentials:ocis.team.owncloud.works:9975a730-c029-473d-8285-05779e0d16dd:http/clientSecret"
23-02-09 22:00:19:542 [ info sync.credentials.manager ]:	del "testpilotcloud_credentials:ocis.team.owncloud.works:9975a730-c029-473d-8285-05779e0d16dd:http/oauthtoken"
23-02-09 22:00:19:563 [ info sync.credentials.manager ]:	removed "testpilotcloud_credentials:ocis.team.owncloud.works:9975a730-c029-473d-8285-05779e0d16dd:http/clientSecret"
23-02-09 22:00:19:571 [ info sync.credentials.manager ]:	removed "testpilotcloud_credentials:ocis.team.owncloud.works:9975a730-c029-473d-8285-05779e0d16dd:http/oauthtoken"
23-02-09 22:00:22:352 [ debug gui.updater ]	[ OCC::SparkleUpdater::backgroundCheckForUpdate ]:	launching background check
23-02-09 22:00:22:355 [ debug gui.updater ]	[ -[DelegateObject updaterMayCheckForUpdates:] ]:	may check: YES
23-02-09 22:00:22:583 [ debug gui.updater ]	[ -[DelegateObject updater:didFinishLoadingAppcast:] ]:	
23-02-09 22:00:22:583 [ debug gui.updater ]	[ -[DelegateObject updaterDidNotFindUpdate:] ]:	
23-02-09 22:01:10:696 [ debug gui.account.manager ]	[ OCC::AccountManager::saveAccount ]:	Saving account "https://ocis.team.owncloud.works/"
23-02-09 22:01:10:698 [ info gui.account.manager ]:	Saving  0  unknown certs.
23-02-09 22:01:10:700 [ debug gui.account.manager ]	[ OCC::AccountManager::saveAccount ]:	Saved account settings, status: QSettings::NoError
23-02-09 22:01:10:700 [ info sync.credentials.manager ]:	set "testpilotcloud_credentials:ocis.team.owncloud.works:9975a730-c029-473d-8285-05779e0d16dd:http/oauthtoken"
23-02-09 22:01:10:700 [ info gui.account.manager ]:	Saving  0  unknown certs.
23-02-09 22:01:10:701 [ info gui.account.manager ]:	Saved all account settings, status: QSettings::NoError
23-02-09 22:01:10:716 [ info sync.database ]:	Closing DB "/Users/michaelstingl/testpilotcloud - Michael Test@ocis.team.owncloud.works/Desktop Test/.sync_journal.db"
23-02-09 22:01:10:716 [ debug sync.database ]	[ OCC::SyncJournalDb::commitTransaction ]:	No database Transaction to commit
23-02-09 22:01:10:716 [ info sync.database ]:	Closing DB "/Users/michaelstingl/testpilotcloud - Michael Test@ocis.team.owncloud.works/Personal/.sync_journal.db"
23-02-09 22:01:10:716 [ debug sync.database ]	[ OCC::SyncJournalDb::commitTransaction ]:	No database Transaction to commit
23-02-09 22:01:10:719 [ debug gui.socketapi ]	[ OCC::SocketApi::~SocketApi ]:	dtor

@TheOneRing
Contributor

Relevant message:


23-02-09 22:00:19:541 [ info sync.httplogger ]:	"4f4e9011-7fa3-41b2-8066-1cb21901aed0: Response: POST 400 (Error: Error transferring https://keycloak.team.owncloud.works/auth/realms/oCIS/protocol/openid-connect/token - server replied: Bad Request,83ms) https://keycloak.team.owncloud.works/auth/realms/oCIS/protocol/openid-connect/token Header: { Cache-Control: no-store, Content-Length: 78, Content-Type: application/json, Date: Thu, 09 Feb 2023 21:00:19 GMT, Pragma: no-cache, Referrer-Policy: no-referrer, Strict-Transport-Security: max-age=31536000; includeSubDomains, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 1; mode=block, } Data: [{\"error\":\"invalid_grant\",\"error_description\":\"Offline user session not found\"}]"

See:

newRefreshToken.clear();
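
The token-endpoint reply quoted in this thread is an RFC 6749 `invalid_grant` error to a `refresh_token` grant. As an added example (not part of any comment here and not code from the ownCloud client; every type and function name is hypothetical), the standard C++ below separates a rejected grant from a transient failure and signs the account out while keeping it configured, so the UI can show a login prompt for the same server.

```cpp
#include <iostream>
#include <regex>
#include <string>

// All names are hypothetical; this is not the ownCloud client's code.
enum class RefreshOutcome { Refreshed, ReLoginRequired, RetryLater };
enum class AccountState { Connected, SignedOut, Offline };
struct Account {
    std::string serverUrl;     // stays set, so the account remains configured
    std::string refreshToken;  // secret held in the credential store
    AccountState state;
};

// Extract the RFC 6749 section 5.2 "error" code. The spec forbids double quotes
// and backslashes in the value, so matching one quoted string is sufficient.
std::string oauthErrorCode(const std::string &body) {
    static const std::regex re(R"re("error"\s*:\s*"([^"\\]*)")re");
    std::smatch m;
    return std::regex_search(body, m, re) ? m[1].str() : std::string();
}

// Classify a token-endpoint reply to a refresh_token grant; status 0 = no HTTP reply.
RefreshOutcome classifyRefresh(int httpStatus, const std::string &body) {
    if (httpStatus == 200) return RefreshOutcome::Refreshed;
    const std::string code = oauthErrorCode(body);
    // Grant or client registration rejected: the stored secrets cannot succeed on retry.
    if ((httpStatus == 400 || httpStatus == 401) && (code == "invalid_grant" || code == "invalid_client"))
        return RefreshOutcome::ReLoginRequired;
    return RefreshOutcome::RetryLater;  // everything else is treated as transient here
}

void applyRefreshOutcome(Account &acc, RefreshOutcome outcome) {
    switch (outcome) {
    case RefreshOutcome::Refreshed: acc.state = AccountState::Connected; break;
    case RefreshOutcome::RetryLater: acc.state = AccountState::Offline; break;  // keep the token
    case RefreshOutcome::ReLoginRequired:
        acc.refreshToken.clear();             // drop only the dead secret
        acc.state = AccountState::SignedOut;  // UI: login prompt for acc.serverUrl
        break;
    }
}

int main() {
    // Reply from the issue's log (HTTP 400); the refresh token value is constructed.
    Account acc{"https://ocis.team.owncloud.works", "constructed-refresh-token", AccountState::Connected};
    applyRefreshOutcome(acc, classifyRefresh(400,
        R"({"error":"invalid_grant","error_description":"Offline user session not found"})"));
    std::cout << (acc.state == AccountState::SignedOut ? "login prompt" : "no prompt") << "\n";
}
```
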

@saw-jan
Member

saw-jan commented Mar 16, 2023

Tested with ownCloud 4.0.0.10422-daily20230316 8e8490

Client:

Screenshot from 2023-03-16 13-33-28 Screenshot from 2023-03-16 13-35-48
(2) Restart 4.0 desktop sync client ✔️ (5) Launch 4.0 desktop sync client -> Prompts for login ✔️

Keycloak:

Screenshot from 2023-03-16 13-33-54 Screenshot from 2023-03-16 13-34-04 Screenshot from 2023-03-16 13-34-31

@saw-jan saw-jan removed their assignment Mar 16, 2023