Refresh tokens disappearing #81

Closed
mrose17 opened this issue Dec 9, 2021 · 5 comments

mrose17 commented Dec 9, 2021

Somehow the refresh token for one of my rooms disappeared? How, I don't know. All I know is I went to the room and the JWT didn't have moderator-privileges. I am sure that I was in the room within the last 10 days!

@mrose17 mrose17 added the P1 label Dec 9, 2021
@tackley tackley self-assigned this Dec 13, 2021

tackley commented Dec 13, 2021

In both reported cases, the room was no longer present within the refresh element of the confabs localStorage entry. @mrose17 I believe you reported that your refresh element was completely empty, correct?

There are three different conditions that I can think of that might cause this:

  1. The localStorage entry that contains JWTs and refresh tokens got accidentally cleared, either by code within brave-talk or some other interaction. It doesn't look like localStorage was completely reset, as both reporters were still logged in, meaning that the skus:production local storage entry was still present.
  2. We incorrectly garbage collected the refresh tokens before they actually expired.
  3. A race condition occurs on reading / writing the JWT store which means that in some cases this data gets lost. This doesn't look likely as the store is read only within the fetchJWT method - however this method has many async calls within it, so this might be possible.

Without access to historical browser logs, it's difficult to diagnose further. However, to aid diagnosis in the future:
a. temporarily stop garbage collecting the refresh tokens so we can still inspect expired ones if this issue recurs.
b. change the logic of jwt store so it loads once on first request, and from that point on the in-memory copy is considered the master.
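
The lost update that condition 3 describes, and how change (b) avoids it, as an added example that is not brave-talk code. The storage shape, the class names, `issueTokens` and the room names are assumptions made for illustration; only the `confabs` key, its `refresh` element and the `fetchJWT` name come from the comment above.

```javascript
// Added illustration, not brave-talk code. Names and storage shape are assumptions.
const KEY = "confabs";
const EMPTY = '{"refresh":{}}';

// Minimal in-memory stand-in for window.localStorage so this runs under Node.
const makeStorage = () => {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
};

// Hypothetical stand-in for the async call that issues tokens (constructed values).
const issueTokens = async (room) => {
  await new Promise((resolve) => setTimeout(resolve, 5));
  return { jwt: `jwt-${room}`, refresh: `refresh-${room}` };
};

// Pattern 1: snapshot storage on every call and write it back after an await.
class ReadEachTimeStore {
  constructor(storage) { this.storage = storage; }
  async fetchJWT(room) {
    const data = JSON.parse(this.storage.getItem(KEY) || EMPTY); // private snapshot
    const tokens = await issueTokens(room); // other fetchJWT calls interleave here
    data.refresh[room] = tokens.refresh;
    this.storage.setItem(KEY, JSON.stringify(data)); // clobbers concurrent writes
    return tokens.jwt;
  }
}

// Pattern 2: load once, then treat the in-memory copy as the master.
class InMemoryMasterStore {
  constructor(storage) { this.storage = storage; this.data = null; }
  async fetchJWT(room) {
    if (!this.data) this.data = JSON.parse(this.storage.getItem(KEY) || EMPTY);
    const tokens = await issueTokens(room);
    this.data.refresh[room] = tokens.refresh; // every call mutates the same object
    this.storage.setItem(KEY, JSON.stringify(this.data)); // write-through only
    return tokens.jwt;
  }
}

// Runs two overlapping fetchJWT calls and reports which rooms kept a refresh token.
async function roomsAfterConcurrentFetch(StoreClass) {
  const storage = makeStorage();
  const store = new StoreClass(storage);
  await Promise.all([store.fetchJWT("room-a"), store.fetchJWT("room-b")]);
  return Object.keys(JSON.parse(storage.getItem(KEY)).refresh).sort();
}
```

With the first pattern only one of the two rooms survives in storage; with the second both do. A second tab writing the same key is outside what the in-memory copy protects against.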

tackley added a commit that referenced this issue Dec 13, 2021
Don't think this is a fix, but should aid diagnosis:
- treat the in-memory copy of "confabs" as the master after initial load
- don't expire refresh tokens for now
- add a unit test
Re #81

mrose17 commented Dec 13, 2021

Just to clarify: I did have refresh tokens for two other rooms that I created...


mrose17 commented Dec 13, 2021

I agree with the two changes (the first one being temporary until we figure out what's going on).

tackley added a commit that referenced this issue Dec 13, 2021
Don't think this is a fix, but should aid diagnosis:
- treat the in-memory copy of "confabs" as the master after initial load
- don't expire refresh tokens for now
- add a unit test
Re #81

mrose17 commented Jan 11, 2022

Unable to reproduce. Sigh (I think).


mrose17 commented Mar 8, 2022

Unable to reproduce, cf., #184

@mrose17 mrose17 closed this as completed Mar 8, 2022