-
Notifications
You must be signed in to change notification settings - Fork 63
Invalid OAuth Token from Chrome App Heartbeat #18
Comments
@iamgeef Did you ever get this resolved? I think I am encountering the same issue. |
I installed and ran a demo project in September, successfully. I have now tried to rebuild the GCP project and deploy. Connecting to the same gSuite configuration. The backend is working as expected. Recreated the chromebooks in the loan system. Logs have the same message as indicated above invalid tokens.Unable to get authorized scopes. (/base/data/home/apps/f~[[projectID]]/chrome:root-20181205.414461687226952207/external/endpoints_archive/endpoints/users_id_token.py:371) Device ID and serial number all check out in console logs. |
Note: I have rebuilt and redeployed the chrome app with new keys twice. It doesn't seem to be that. |
There is also the following warning. But I cant recall if that was there previously. multistore_file.py:62 |
All of our devices have started to show 'This device is not enrolled' error, despite previously being enrolled.
We used to get the issue sporadically, with no clue as to what was causing it as it was very random, but now it's very much permanent, preventing us from using the system.
I'm wondering if it's caused by exceeded a maximum number of granted (live) refresh tokens as referenced here: https://developers.google.com/identity/protocols/OAuth2#expiration, and if there's any system built in to resolve that?
Checking the Logs for the Chrome Endpoint, I can see that the heartbeat is returning a 401 back with:
I was previously seeing this intermittently - , I thought perhaps it was caused by returning a loan and starting a new loan too quickly but now it's constant.
I have tried:
Different Chromebooks, different users, factory reset of Chromebook(s), un-enroll and re-enroll in grab-n-go, hotspot to make sure it's not a network issue, leaving it alone for 24 hours, deploying a new version to app engine (albeit with no code changes made).
The only thing I'm yet to try is deploying a new version of the Chrome App, creating a new OAuth client, and sacrificing a goat.
Interestingly during one of my tests the heartbeat actually worked one time as it updated the Device to show that it was assigned to my user, even though the chrome app on the device kept saying 'Device not enrolled' but I haven't seen it since.
The text was updated successfully, but these errors were encountered: