keep getting routed back to "Connected accounts" page

[maxandersen]

when i log in on openshift.io (user: manderse@redhat.com) I keep getting asked to connect accounts:

i tried mulitple ways to connect accounts when I click "Connect Accounts" button it just comes back.

[joshuawilson]

@alexeykazakov can you please look into this and let me know if you need some UI help.

[alexeykazakov]

Cache issue again maybe? I see that manderse@redhat.com has all links set in KC. Not sure why UI doesn't see them. @maxandersen does it work in incognito mode?

[alexeykazakov]

@joshuawilson I could reproduce this issue. The problem is in UI requests to KC. It doesn't add the access token: Authorization:Bearer undefined So, it's rejected by KC. I couldn't reproduce it in incognito mode. So, looks like some issue with cache again?

[maxandersen]

i tried again just now and it showed the connect accounts page for a few seconds before it automatically moved on (!?!?!) and now it works.

didn't do anything besides NOT using te browser to goto openshfit.ui the last 24hrs or so...

[alexeykazakov]

I still can reproduce this issue. There is no token in local storage (if I'm looking at right place). I tried localStorage.getItem('access_token'); Null. But I'm logged in. Something wrong on UI side.

Works fine in incognito mode.

[alexeykazakov]

I see that UI tries to refresh the token and sending some old refresh token with an inactive session. It means that that refresh token was issued in previous login. After logout the token is not valid anymore and should not be used. UI for some reason still using it and refreshes fails. I suspect in this case UI just save null as a new refresh and access token which cause the OSO/GitHub token api failure.

So, looks lke there are two issues:

1. Front-end uses an old refresh token after re-login.
2. Front-end should not just silently set refresh/access tokens to null if token refresh failed. Especially right now when we refresh token every 10 minutes (which is overkill btw, refreshing token once a day is more than enough). There maybe some temporal problems with backend and token refreshing is not so critical. UI should just ignore refresh problems IMO.

[alexeykazakov]

Went through the whole cycle. Login-logout-login again. And I can confirm that UI doesn't update the tokens after re-login. Still using the old ones, which are not valid anymore!

[Preeticp]

I had a similar experience as Max. Clearing the history and starting in a fresh browser helped, did not need to go incognito. Thanks @alexeykazakov

[ibuziuk]

Having this problem on https://prod-preview.openshift.io/

[alexeykazakov]

Many people complain about that issue. It makes OSIO quite unusable if not used in a incognito mode. @joshuawilson could you please ask someone from the UI team to take a look?

[joshuawilson]

@dgutride do you have time to look at this? If not, I'll try to look at it next week.

[alexeykazakov]

@joshuawilson @dgutride any progress here? It's really becoming a blocker if you don't use incognito mode.

[dgutride]

@alexeykazakov - it's not happening for me locally and I have only seen it happen on one other person's box. We need a very clear repro case.

[alexeykazakov]

@dgutride unfortunately I can't reproduce it anymore. But maybe you can do a bluejeans session with @ibuziuk, so, he could help you to debug the problem.

[ibuziuk]

@dgutride @alexeykazakov I can not reproduce it on prod, but it happens for me every now and than on prod-preview - https://github.com/openshiftio/openshift.io/issues/1066

[joshuawilson]

I did see this once in a workshop, but after looking at the screen for a while it moved on. It appeared to be loading very slowly. That might be unrelated, I don't know.

[ibuziuk]

start getting this issue on prod - connect your GitHub and OpenShift.com accounts screen is never moving on for me

[joshuawilson]

@dgutride @dlabrecq maybe you could set up a time to view @ibuziuk system to see what is happening.

[dlabrecq]

I'm also stuck on the getting started page for prod -- preview seems to work.

[joshuawilson]

That is good news, because I can't reproduce it.

[alexeykazakov]

It's back for me too. Stuck on the getting started page in prod.

[dlabrecq]

Unfortunately, I cannot reproduce it locally. It's only when I login directly into prod, which I cannot debug easily.

[maxandersen]

It's only when I login directly into prod, which I cannot debug easily.

i'm curious - why is it harder to debug in prod vs prod-preview for you ? isn't this issue mainly about how the client side behaves on the responses it gets from server side ?

[dlabrecq]

The prod environment is uglified/minified, so I cannot view the JS code. I can add break points when building locally. However, I can still view requests, look at tokens in the local cache, etc.

[dlabrecq]

Capturing the openshift-platform conversation...

dlabrecq 10:10 AM Dana and I were debugging the getting started page and noticed the refresh OPTION request is returning 404. It appears that subsequent calls to retrieve tokens fail because of this? API: https://api.openshift.io/api/token/refresh RESPONSE: { "errors": [ { "code": "not_found", "detail": "/api/token/refresh", "id": "SAzSBlSf", "status": "404", "title": "Not Found" } ] }

akazakov 10:12 AM See: https://github.com/fabric8-ui/ngx-login-client/pull/84 10:12 AM now we need to promote it to prod

[alexeykazakov]

@dlabrecq just for clarification. The issue with token refresh (https://github.com/fabric8-ui/ngx-login-client/pull/84) is very new one. The issue with the getting started page was reproducible before too. So, they should not be related.

[alexeykazakov]

Another issue I started to notice. When I login (successfully) I redirected to the getting started page (the same as described above) but the top menu saying I'm not logged in. If I click on login again then I'm forwarded to the home page. The getting started page behaves very weird indeed:

[dlabrecq]

Yes, the getting started page is displayed whenever the tokens are not retrieved. In some cases, the tokens were actually retrieved from local storage, but the login service wipes that information clean because the refresh request failed.

The getting started page is only a symptom of a larger problem. There are underlying issues that must be resolved with the login and auth services as well.

[tsmaeder]

@alexeykazakov I saw the same behaviour today. Logging in on the _gettingStarted page fixed it for me.

[dlabrecq]

Seems to be working as expected now, after https://github.com/fabric8-ui/ngx-login-client/pull/84 was merged. That is, after clearing my cache to ensure the new refresh URL (https://api.openshift.io/api/login/refresh) is used. I'm no longer stuck on the getting started page.

[sbose78]

@joshuawilson was facing this in prod-preview few hours back. Did we get a chance to diagnose this?

[joshuawilson]

not yet, we will take a deeper look at it this week

[ldimaggi]

I saw this same issue - but only briefly - last week too: https://github.com/openshiftio/openshift.io/issues/1223

The problem only lasted about 10 min for me - this was in production.

[maxandersen]

okey so i constantly have this issue - with all of my accounts. Simply cannot get any reaction when I click connect accounts.nada.

lately trying to login with "maxiotest1" - if anyone want to try that I can share the credentials for debugging.

[maxandersen]

correction - I could login via safari browser and it did not ask me for connecting accounts.

in chrome even after repeatedly refreshing pages i keep getting stuck in connect accounts.

[joshuawilson]

@maxandersen can you verify that it is not a local cache issue by trying it in incognito mode?

[maxandersen]

incognito it works. trying same in non-incognito and it again asks me to connect github/openshift accounts and connect button doesn't work.

[joshuawilson]

If you clear your local cache it should work again. I think it has to do with storing old tokens.

[maxandersen]

If you clear your local cache it should work again. I think it has to do with storing old tokens.

If that works this is about the 3rd or 4th time I as "dumb user" have to clear local cache because we do an update. Why is that ?

[joshuawilson]

I thought we had fixed this too. We are looking into it.

[joshuawilson]

Based on the changes recently made this should be fixed. If you are still seeing it please reopen.

[maxandersen]

this is still happening on prod-preview. thus reopening.

[joshuawilson]

did you try refreshing, it might still have your old token

[maxandersen]

i'm sure some 4-5 reattempts of refresh and use of incognito will make me be able to login - but that is the actual bug: it should not be required by users to do that.

[dlabrecq]

I just tested on prod-preview. After clearing my browser's local storage, I no longer see the issue.

[joshuawilson]

@maxandersen I'm not saying it isn't a bug, but random guesses at what should work does not help define the issue. I had the same issue this morning and a simple refresh fixed it. If you need more then that we need to know.

[maxandersen]

I just tested on prod-preview. After clearing my browser's local storage, I no longer see the issue.

thanks for confirming it is not me ;)

so, is there something we can do to fix this ? I don't know of other sites at large where having to clear the browser cache and possibly try with incognito is required on a regular basis.

[joshuawilson]

We are working on fixing this. We need as many data points as we can get to figure out the cause.

[maxandersen]

i'm back at trying to log in and this time it let me in. only thing I changed afaics is that some time went by and I used a seperate tab to try again.

[joshuawilson]

Same for me. I suspect it has to do with the token.