A customer reported that some of their players are experiencing lost progress. Upon investigation they found that the players with this issue had received different player IDs on their devices, usually an older player ID. The vast majority of these cases were ones that used 3rd party account linking as an account recovery mechanism. Deeper investigation revealed that the most common pattern was that a player would play as normal for about 10 days and then suddenly they would return to the game to be faced with practically zero progress and an older player ID; this appears to have been due to the refresh token stored on device mismatching the access token with which they had been previously playing.
To Reproduce
No one on the customer dev team nor within Beamable has been able to reproduce this in a controlled fashion. This appears to occur for about 1% of players--not so high as to be widespread, but not so low as to indicate an extremely rare condition such as the device crashing mid-write. The repro is further obscured by the fact that the issue might not become apparent until up to 10 days after whatever caused the mismatch.
Expected behavior
When the player's access token gets automatically refreshed by the SDK, it continues to belong to the same account with which they have been playing all along.
Actual behavior
Automatic token refresh appears to be refreshing to an older access token that belongs to a no-progress account, perhaps one that was automatically created through frictionless login and then discarded in favor of 3rd party account recovery.
Metadata
Please include,
SDK version: 1.19.17, 1.19.18
Operating System: iOS (GameCenter login)
Additional context
Because this is such a difficult issue to reproduce in controlled circumstances, it may behoove us to build in automatic telemetry tracking at junctures where access tokens and refresh tokens may change, so as to have an "audit trail" for on-device token changes. If we are storing info about token changes in durable places such as the analytics database, we must take great care not to expose sensitive information such as full tokens.
Describe the Bug
A customer reported that some of their players are experiencing lost progress. Upon investigation they found that the players with this issue had received different player IDs on their devices, usually an older player ID. The vast majority of these cases were ones that used 3rd party account linking as an account recovery mechanism. Deeper investigation revealed that the most common pattern was that a player would play as normal for about 10 days and then suddenly they would return to the game to be faced with practically zero progress and an older player ID; this appears to have been due to the refresh token stored on device mismatching the access token with which they had been previously playing.
To Reproduce
No one on the customer dev team nor within Beamable has been able to reproduce this in a controlled fashion. This appears to occur for about 1% of players--not so high as to be widespread, but not so low as to indicate an extremely rare condition such as the device crashing mid-write. The repro is further obscured by the fact that the issue might not become apparent until up to 10 days after whatever caused the mismatch.
Expected behavior
When the player's access token gets automatically refreshed by the SDK, it continues to belong to the same account with which they have been playing all along.
Actual behavior
Automatic token refresh appears to be refreshing to an older access token that belongs to a no-progress account, perhaps one that was automatically created through frictionless login and then discarded in favor of 3rd party account recovery.
Metadata
Please include,
Additional context
Because this is such a difficult issue to reproduce in controlled circumstances, it may behoove us to build in automatic telemetry tracking at junctures where access tokens and refresh tokens may change, so as to have an "audit trail" for on-device token changes. If we are storing info about token changes in durable places such as the analytics database, we must take great care not to expose sensitive information such as full tokens.