Unable to login with the built-in account

[johanw666]

Expected behavior I open Yalpstore, get a list of installed apps and press the "check for updates" button. Then I am asked which account to use and I try to login in Google Play with the built-in account.

Actual behavior I get a "Token despenser error 500 Server error". After this Yalp repeats the question and I have to kill it via the built-in task switcher.

Your setup Sony Xperia Z1 Compact, stock Android 4.4.4, YalpStore 0.43 (flashed with TWRP as system app).

Part of the logfile:

07-13 15:16:47.059 D/ForegroundUpdatableAppsTask(8769): com.github.yeriomin.yalpstore.CredentialsEmptyException caught during a google api request: CredentialsEmptyException
07-13 15:16:47.059 I/ForegroundUpdatableAppsTask(8769): Credentials empty

I can send the entire file if you like.

[gerroon]

Same here.

[m0ngr31]

Same issue

[johanw666]

When I use a personal account it works good. I would guess Google has blocked the built-in account.

[gerroon]

Aurora has the same issue.

[yeriomin]

@johanw666 @gerroon @m0ngr31 It appears token dispenser is overloaded with requests. A sudden spike in popularity maybe. Or someone is abusing it. I'm looking into it.

[johanw666]

I can use it again now on the same device, seems to have been a temporary issue.

[ale5000-git]

Maybe the problem can be fixed by implementing a query limit per hour for each IP (if there isn't already, I don't know).

[yeriomin]

@johanw666 It happens from time to time.

@ale5000-git It might be useful in future, but right now token dispenser seems to be overloaded with genuine requests. Adding another mirror might help.

[johanw666]

Let me see if I understand it correctly: this token dispensor runs on a server on your end, not Goopgle's end?

Perhaps a better error handling when this occurs would be nice. Having to kill the app via the task switcher is not nice.

[yeriomin]

@johanw666

this token dispensor runs on a server on your end, not Goopgle's end?

Correct. See here: https://github.com/yeriomin/YalpStore/blob/master/app/src/main/java/com/github/yeriomin/yalpstore/TokenDispenserMirrors.java

Perhaps a better error handling when this occurs would be nice.

There are 5 retries cycled through several token dispensers, after that Yalp Store tells you to use your own account. If it doesn't work like that, I'll need to see the logs.

[johanw666]

Ah, I didn't wait 5 for retries because I didn't know that. Perhaps a better indication that it will retry for X more times?

[yeriomin]

@johanw666 5 retries are happening in background. If you see the error, it means Yalp Store has tried 5 times and failed.

[juhi24]

Got this problem today for the first time.

[ElTopo]

I get "Token despenser error 503 Server error" today with the built-in account.

I then tried to log in using my personal account but failed too.

Yalp version: 0.43

[paja93]

Got this problem today, cleared cache, data, reinstalled... Same. Just downgraded to 0.42 and it's working.

[yeriomin]

@paja93 You got lucky. The problem is with an external component, which is not on your device.

[paja93]

@yeriomin well i updated again to latest version and it's working flawlessly now

[ghost]

@yeriomin got the same issue today... seems like Yalp and Aurora thiss issue seems to come up more frequently lately...

[Nemris]

My Yalp reports Token dispenser error 500 Server error. Latest Yalp version from F-Droid on LOS 15.1.

[LuccoJ]

Happening again for me. Maybe it would be useful (if possible) to have multiple built-in account, and have the app pick one randomly?

[yeriomin]

I've added rate limiting to the token dispenser a couple of days ago. So it should be more stable. Some ip addresses make hundreds of requests per day, but it is hard to say if they are done by several Yalp Store users behind a NAT, or someone is abusing it for some reason.

Unfortunately, it is really easy to swamp token dispenser with requests. Each request lasts 1-2 seconds because token dispenser has to make two network requests to get a token. The 500 error you see is a failure by the web server to create a thread for the current request. Making it work better would require either to move to a paid hosting or to introduce some nasty not-really-open-source request signing.

Your observations would be appreciated.

@LuccoJ

Maybe it would be useful (if possible) to have multiple built-in account, and have the app pick one randomly?

It has worked like that for over a year.

[emilhem]

It's still not working in the app (I have tried for almost every day in a time span of two months). When I tried fetch https://token-dispenser.herokuapp.com/token-ac2dm/email/yalp.store.user.seven%40gmail.com locally on my desktop it returned a string that I believe is the correct one. Maybe the app should have longer timeout or more delay between the attempts.

[sm4rk0]

It's happening again. Additional issue described by the OP is that you can't exit the account chooser by tapping Back.

[qazip]

I am also having a "Token dispenser" error..

[CryptGoat]

Also getting the token dispenser error with different error codes (500, 503 and 429).

Using Yalp 0.43.

[yeriomin]

Version 0.44 is out on github. It uses token dispenser less often. Combined with rate limiting on the token dispensers themselves, built-in account should now be available more often. But due to google rate limiting and the fact that I can not register an unlimited number of accounts, I cannot guarantee that this won't happen again, even on a paid hosting.

For a couple of weeks I've been collecting stats on one of the token dispensers to learn if there was abuse and how to prevent it. Here are some general stats:

Total requests: 993886 Unique requests: 132820 Request limit hits: 241584

403 296319 404 26235 500 76896 502 1 200 285202 429 308099

Which means... Yalp Store probably has several hundred thousand users. A quarter of requests looked like abuse (more than 10 requests within 5 minutes).

@CryptOwl 500 and 503 are hosting errors which means hosting is overloaded. 429 is token dispenser denying you because you specifically make requests too often.