harleylang / hydroxide-docker

Docker configuration examples for the hydroxide package
MIT License

Investigate access token permissions #5

Closed arichtman closed 2 years ago

arichtman commented 3 years ago

Not 100% sure what causes it but sometimes on container resumption I see this error. I suspect hydroxide refreshes the access token expiry or rotates for a new one using the old one periodically, and this is failing due to the persisted token having expired. Interesting because for k8s and a restarting Docker-managed instance it should come back up fast enough to mitigate. Might only be a pain in the neck for developing. The bright side is of course a lot of our security concerns are mitigated if the tokens age out quickly (though a targeted attack would still work).

2020/12/26 10:58:45 request failed: POST https://mail.protonmail.com/api/auth/refresh: [10013] Invalid refresh token
2020/12/26 10:58:45 request failed: GET https://mail.protonmail.com/api/addresses: [403] Access token does not have sufficient scope
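
A log check for the failure pair reported above, as an added example that is not part of the original comment or of hydroxide itself. It assumes that a rejected refresh followed shortly by a 403 means the persisted session needs a fresh login; the names `parse_failures` and `diagnose`, the 60-second window, and the first sample line are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple
from urllib.parse import urlsplit

# Constructed sample: one unrelated line plus the two lines from the report.
SAMPLE_LOG = """\
2020/12/26 10:58:40 constructed unrelated log line
2020/12/26 10:58:45 request failed: POST https://mail.protonmail.com/api/auth/refresh: [10013] Invalid refresh token
2020/12/26 10:58:45 request failed: GET https://mail.protonmail.com/api/addresses: [403] Access token does not have sufficient scope
"""

class Failure(NamedTuple):
    when: datetime
    method: str
    path: str
    code: int
    message: str

# Matches "<date> <time> request failed: <METHOD> <URL>: [<code>] <message>".
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) request failed: "
                  r"(\S+) (\S+): \[(\d+)\] (.*)$")

def parse_failures(text):
    """Return every 'request failed' line as a Failure; skip other lines."""
    failures = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, method, url, code, msg = m.groups()
            when = datetime.strptime(ts, "%Y/%m/%d %H:%M:%S")
            failures.append(Failure(when, method, urlsplit(url).path, int(code), msg))
    return failures

def diagnose(text, window=timedelta(seconds=60)):
    """Classify the log: assumption is refresh failure + later 403 = stale session."""
    failures = parse_failures(text)
    refresh = [f for f in failures if f.path.endswith("/auth/refresh")]
    denied = [f for f in failures
              if f.code == 403 and not f.path.endswith("/auth/refresh")]
    for r in refresh:
        if any(timedelta(0) <= d.when - r.when <= window for d in denied):
            return "reauth-required"
    if refresh:
        return "refresh-rejected"
    return "scope-error" if denied else "ok"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

Run as a container health check, a `reauth-required` result distinguishes a session that needs a new login from a transient API error, so an orchestrator does not keep restarting a container whose stored token can no longer be refreshed.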

harleylang commented 2 years ago

Closed. See: https://github.com/harleylang/hydroxide-docker/pull/20#issuecomment-1002132390