FlowCrypt / flowcrypt-browser

FlowCrypt Browser extension for Chrome and Firefox
https://flowcrypt.com

signed message works but needs to reinstall and configure the extension #4430

Open martgil opened 2 years ago

martgil commented 2 years ago

Description: We have recently received concerns about a correct signed message appearing invalid, which was resolved by just reinstalling the extension, as the user confirms.

Reference: https://mail.google.com/mail/u/human@flowcrypt.com/#inbox/FMfcgzGpFgmLZvDsTLCKhgRRDVLxhWhQ

However, another user who uses Firefox says that although the signed message started to work correctly after reinstalling the extension, whenever Firefox / the FlowCrypt extension gets updated, the problem with the signed message recurs.

From user's feedback:

> After each update of the add-on or Firefox, I have to uninstall, install and reconfigure the add-on.

Reference: https://mail.google.com/mail/u/human@flowcrypt.com/#inbox/FMfcgzGpFgrvPfdgkNNQcJQJzrSGmhph

In my perception, since the app works after reinstallation, the problem shouldn't exist anymore. I can't find any possible root cause of it so far. The user also confirms that it is not a problem with FlowCrypt on Google Chrome.

martgil commented 2 years ago

@tomholub one of our users experienced this issue. I tried replicating the issue through flowcrypt.compatibility account but I'm unable to get the same error as it happens with an indefinite condition.

If by any chance you have experienced something similar to this, please let me know. I will try to find the issue as much as I can.

tomholub commented 2 years ago

That is odd.

Could the user see if just restarting the browser after such update resolves the issue?

Also worth trying to see if, after an update (when it starts happening), whether manually deleting all public keys in Settings -> Additional Settings -> Contacts would fix the issue.

martgil commented 2 years ago

Hello, sir @tomholub,

I finally succeeded in replicating the issue on my end. However, the consideration of how to fix it is still unclear to me.

For a better understanding of how exactly it happens, I have sent an email containing a short video clip that shows the problem. I will provide as much info as possible if needed. Thanks!

Test message to replicate the issue:

https://mail.google.com/mail/u/flowcrypt.compatibility@gmail.com/#search/ad/WhctKKXXGvBgPzdjmpphmjxfsLPwsMxRzPwCJNvbpMdHtPdKckfkJnlTPPhLwkLmvrcDFRL

martgil commented 2 years ago

@tomholub The user shared with us that clearing all public keys & restarting the browser doesn't help.

Although, the following method of installing the extension from the second most recent version works for me during my testing.

tomholub commented 2 years ago

That means it was likely a one-time problem (I mean - a particular problematic update). The user should not encounter it for future updates.

I suppose you cannot reproduce the same issue when updating old version of chrome extension to the most recent one?

martgil commented 2 years ago

> I suppose you cannot reproduce the same issue when updating old version of chrome extension to the most recent one?

Actually, I did - I experienced it when updating from 8.2.0 -> 8.3.0 using Google Chrome.

The similarity I can see in reproducing this particular behavior on both Firefox and Chrome is that, after an update, Google simply requests a re-connection of the account (reauthenticate). That's the one reason I can see why reinstalling or resetting the account works. I'm wondering why?

Exact error when viewing the message after an update from 8.2.0 -> 8.3.0

```
Failed to load thread due to the following error:
    at Function.GoogleAuth.apiGoogleCallRetryAuthErrorOneTime (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/api/email-provider/gmail/google-auth.js:98:50)
    at Function.Google.gmailCall (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/api/email-provider/gmail/google.js:36:33)
    at async Gmail.threadModify (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/api/email-provider/gmail/gmail.js:57:24)
    at async InboxActiveThreadModule.render (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/chrome/settings/inbox/inbox-modules/inbox-active-thread-module.js:50:21)

url: chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/chrome/settings/inbox/inbox.htm?acctEmail=&threadId=

provided ajax call stack:
    at Function.GoogleAuth.apiGoogleCallRetryAuthErrorOneTime (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/api/email-provider/gmail/google-auth.js:98:50)
    at Function.Google.gmailCall (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/api/email-provider/gmail/google.js:36:33)
    at async Gmail.threadModify (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/api/email-provider/gmail/gmail.js:57:24)
    at async InboxActiveThreadModule.render (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/chrome/settings/inbox/inbox-modules/inbox-active-thread-module.js:50:21)

url: chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/chrome/settings/inbox/inbox.htm?acctEmail=&threadId=

responseText(0, 1000): {
  "error": {
    "code": 403,
    "message": "Request had insufficient authentication scopes.",
    "errors": [
      {
        "message": "Insufficient Permission",
        "domain": "global",
        "reason": "insufficientPermissions"
      }
    ],
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
        "domain": "googleapis.com",
        "metadata": {
          "service": "gmail.googleapis.com",
          "method": "caribou.api.proto.MailboxService.ModifyThread"
        }
      }
    ]
  }
}

payload(0, 1000): [typeof:string] {"removeLabelIds":["UNREAD"],"addLabelIds":[]}
    at ajax (/extension/js/common/api/shared/api.ts:64:23)
    at apiGoogleCallRetryAuthErrorOneTime (/extension/js/common/api/email-provider/gmail/google-auth.ts:100:53)
    at gmailCall (/extension/js/common/api/email-provider/gmail/google.ts:21:28)
    at threadModify (/extension/js/common/api/email-provider/gmail/gmail.ts:56:24)

### Catch.reportErr calling stack ###
#     at Function.Catch.formatExceptionForReport (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/platform/catch.js:262:90)
#     at Function.Catch.onErrorInternalHandler (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/platform/catch.js:76:29)
#     at Function.Catch.reportErr (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/js/common/platform/catch.js:92:18)
#     at InboxActiveThreadModule.render (chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/chrome/settings/inbox/inbox-modules/inbox-active-thread-module.js:63:31)
#
# url: chrome-extension://bnkimgnppbbclohpnljfjmnlhobfnpnc/chrome/settings/inbox/inbox.htm?acctEmail=&threadId=
#
######################
```

I tried updating 8.2.8 -> 8.3.0 but it works fine.

> That means it was likely a one-time problem (I mean - a particular problematic update). The user should not encounter it for future updates.

That's what's in my mind too. It should be one time and not repetitive. Would it be worth it to refer him to install 8.2.8 or better the latest version?

martgil commented 2 years ago

sir @tomholub,

> Exact error when viewing the message after an update from 8.2.0 -> 8.3.0

I would like to give more emphasis to the following error. I looked into the actual request and found out that once a browser extension updates, for some reason, the token seems to be invalidated.

Request made by the extension when viewing the message through extension web pages

request URL: https://www.googleapis.com/gmail/v1/users/me/threads/$threadid$/modify

response:

```
HTTP/2 403 Forbidden
some response headers...

{
  "error": {
    "code": 403,
    "message": "Request had insufficient authentication scopes.",
    "errors": [
      {
        "message": "Insufficient Permission",
        "domain": "global",
        "reason": "insufficientPermissions"
      }
    ],
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
        "domain": "googleapis.com",
        "metadata": {
          "method": "caribou.api.proto.MailboxService.ModifyThread",
          "service": "gmail.googleapis.com"
        }
      }
    ]
  }
}
```

403 is currently not part of isAuthErr, which an insufficient access token scope should reasonably be part of. That makes sense for causing the repetitive error that can only be solved by resetting the account or uninstalling the browser extension -> Google sends a new token.

So an invocation of refreshing a token can be one of the solutions if I'm not mistaken.

Just sharing what I see all throughout my engagement with it -- just wanna help as much as possible 🙏🙇🏻‍♂️
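
An added example, not part of the thread and not FlowCrypt's own code: one way to tell the scope-related 403 captured above apart from other 403 responses by inspecting the error body. The function name `classifyGoogleApiError`, the `kind`/`action` labels and the mapping of each kind to an action are assumptions; the sample bodies are constructed (the first from the response quoted in the thread).

```javascript
// Added example. classifyGoogleApiError and its kind/action labels are hypothetical,
// not FlowCrypt's API. A status code alone cannot distinguish "token lacks scope"
// from other 403s (e.g. rate limiting), so the body's error details are inspected.
const ERROR_INFO_TYPE = 'type.googleapis.com/google.rpc.ErrorInfo';

function classifyGoogleApiError(status, bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch {
    return { kind: 'unparseable', status, action: 'report' };
  }
  const err = body && typeof body.error === 'object' ? body.error : null;
  if (!err) return { kind: 'unknown', status, action: 'report' };
  const details = Array.isArray(err.details) ? err.details : [];
  const errors = Array.isArray(err.errors) ? err.errors : [];
  const info = details.find(d => d && d['@type'] === ERROR_INFO_TYPE);
  // Assumption: a 401 is treated as an expired or revoked token.
  if (status === 401) return { kind: 'token_invalid', status, action: 'refresh' };
  // Both markers appear in the captured response; either one is accepted.
  const scopeInsufficient = status === 403 && (
    (info && info.reason === 'ACCESS_TOKEN_SCOPE_INSUFFICIENT') ||
    errors.some(e => e && e.reason === 'insufficientPermissions'));
  if (scopeInsufficient) {
    const method = info && info.metadata ? info.metadata.method : undefined;
    // Assumption: the caller asks the user to grant access to the account again.
    return { kind: 'scope_insufficient', status, action: 'reauthorize', method };
  }
  return { kind: status === 403 ? 'forbidden' : 'other', status, action: 'report' };
}

// Constructed sample, modelled on the response quoted in the thread.
const SAMPLE_SCOPE_403 = JSON.stringify({ error: {
  code: 403, message: 'Request had insufficient authentication scopes.',
  errors: [{ message: 'Insufficient Permission', domain: 'global', reason: 'insufficientPermissions' }],
  status: 'PERMISSION_DENIED',
  details: [{ '@type': ERROR_INFO_TYPE, reason: 'ACCESS_TOKEN_SCOPE_INSUFFICIENT',
    domain: 'googleapis.com',
    metadata: { service: 'gmail.googleapis.com', method: 'caribou.api.proto.MailboxService.ModifyThread' } }],
} });

// Constructed sample: a 403 that is not about scopes.
const SAMPLE_RATE_403 = JSON.stringify({ error: {
  code: 403, message: 'Rate Limit Exceeded',
  errors: [{ message: 'Rate Limit Exceeded', domain: 'usageLimits', reason: 'rateLimitExceeded' }],
} });

console.log(classifyGoogleApiError(403, SAMPLE_SCOPE_403));
console.log(classifyGoogleApiError(403, SAMPLE_RATE_403));
```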