Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OAuth2] Determine points where token refresh might not happen #6357

Closed
1 task
SamuAlfageme opened this issue Feb 14, 2018 · 3 comments
Closed
1 task

[OAuth2] Determine points where token refresh might not happen #6357

SamuAlfageme opened this issue Feb 14, 2018 · 3 comments
Assignees
@SamuAlfageme
Labels
p4-low Low priority research

Comments

@SamuAlfageme
Copy link
Contributor

SamuAlfageme commented Feb 14, 2018
edited
Loading

The other day, I was doing some stress checks in the context of owncloud/core#30365 (comment). For that, I adjusted the time for access token expiration on https://github.com/owncloud/oauth2/blob/2f99ecafca7ba2ba1e557dd39d7917bb44ac05ff/lib/Db/AccessToken.php#L52-L57 with way shorter periods (~20s). This contributed to find a potential issue.

  • The unauthorized reply to a PROPFIND is what normally triggers the refresh of the token on the client. However, if token expires before this op. is scheduled we don't have a way to refresh and recover the request that failed "Unauthorized".
  • Also, this works out for PROPFINDs since the client will "pool" again the WebDAV endpoint, but other request(s) need to be enqueued for later replay.

There are some places where this might lead to temporary, unexpected behavior. For now, the only place I've found to display this would be:

  • When setting up the account (on the last page of the wizard) just wait (1h default) for the expiration to happen and then, either:
    • Try to get the folder list (for selective sync)
    • Click on "Continue"

ezgif-1-4a6aa28595

Other good candidates, I can think of, where this might happen:

  • Creating a share
  • Accepting/dismissing a notification

I'll try to determine if more of these scenarios can pop up so we could place a refresh switch on them cc/ @ogoffart
@SamuAlfageme SamuAlfageme self-assigned this Feb 14, 2018
@ogoffart
Copy link
Contributor

Well, currently, too quick expiration will brake stuff.

For example, if the token expire during the sync, the sync will be stopped, and restarted.

It is true that some things could be improved.
And we need to indeed try to reconnect from the wizard if this failed.

@SamuAlfageme
Copy link
Contributor Author

@ogoffart yeah, the 20s expiration time was just a dirty trick used to force the behavior; but e.g. having the last wizard page open for more than 1h will cause this behavior with the default app state.

if the token expires during the sync, the sync will be stopped and restarted

This one is interesting; what about a large chunked upload? Could we wait for re-authentication and pick from the last chunk that failed? Trying to upload a large file with a flaky connection might result in constant failures due to token expires then.

@felixboehm felixboehm added p4-low Low priority and removed sev4-low labels May 3, 2018
@SamuAlfageme SamuAlfageme mentioned this issue Jun 13, 2018
Closed
@TheOneRing
Copy link
Contributor

Outdated

@TheOneRing TheOneRing closed this as not planned Won't fix, can't repro, duplicate, stale Feb 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SamuAlfageme SamuAlfageme

Labels
p4-low Low priority research
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@TheOneRing @ogoffart @felixboehm @SamuAlfageme