Auth error after entering the password with a 15 minutes delay

mozilla-mobile / mozilla-vpn-client

A fast, secure and easy to use VPN. Built by the makers of Firefox.

https://vpn.mozilla.org

Other

459 stars 111 forks source link

Auth error after entering the password with a 15 minutes delay #5021

Open data-sync-user opened 1 year ago

data-sync-user commented 1 year ago

Mozilla VPN affected versions:

2.12 (2.202211171926);

Platform tested:

Windows 10;
MacOS 11.6;

Prerequisites:

Have Mozilla VPN app installed and open;
Have an account with subscription for Mozilla VPN;
Be on Stage server;

Steps to reproduce:

Open the Mozilla VPN app;
Click “Get started” button;
Enter a valid email address;
Wait few minutes (>15) before entering the password;
Observe the behavior;

Expected results:

Actual results:

“Authentication error Please try again” red banner is displayed and user is redirected to Get started screen;

┆Issue is synchronized with this Jira Bug ┆Reporter: Valentina Virlics

data-sync-user commented 1 year ago

➤ Andrea Marchesini commented:

This is a guardian issue. The authentication is completed from a FxA standpoint.

[25.11.2022 08:58:48.710] Debug: (main - AuthenticationInAppSession) Oauth code creation completed: {"code":"","state":"pkce-","redirect":"https://stage.guardian.nonprod.cloudops.mozgcp.net/oauth/success?code=&state=pkce-"}


But then guardian responds with:
[25.11.2022 08:58:49.528] Error: (networking - NetworkRequest) Network error: Error transferring https://stage-vpn.guardian.nonprod.cloudops.mozgcp.net/oauth/success?code=&state=pkce- - server replied: Bad Request status code: 400 - body: {"detail":"invalid_token"}

It would be nice if we can at least return a different error code (“timeout”?)
Sarah Bird Jeremy Swinarton thoughts?


            
            
                data-sync-user
                commented
                 1 year ago            
            
                ➤ Jeremy Swinarton commented:
Andrea Marchesini I just looked into this. We have a 20 minute timeout on the Guardian PKCE tokens. However, it would be trivial to change the return value to “token_expired” in the next Guardian release if that would help surface this error better for the user.
            
        
            
            
                data-sync-user
                commented
                 1 year ago            
            
                ➤ Andrea Marchesini commented:
Jeremy Swinarton do you think it makes sense to be in sync with the auth timeout (if it exists) in FxA?
            
        
            
            
                data-sync-user
                commented
                 1 year ago            
            
                ➤ Sarah Bird commented:
Santiago Andrigo can i get a priority from you. I think I’d put this at low.
            
        
            
            
                data-sync-user
                commented
                 1 year ago            
            
                ➤ Santiago Andrigo commented:
Agreed.
            
        
            
            
                data-sync-user
                commented
                 1 year ago            
            
                ➤ Valentina Virlics commented:
Still reproducing on latest 2.17.
            
        
    
    
            

    
        
            ©  Githubissues.
            Githubissues is a development platform for aggregating issues.