New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 887136 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Sep 24
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Enrollment/Device sync requests often result in authenication error

Project Member Reported by nohle@chromium.org, Sep 19

Issue description

If an enrollment or device sync is requested soon after logging in (maybe other times), the first attempt usually fails with the error

[ERROR:cryptauth_device_manager_impl.cc(666)] GetMyDevices API failed: [authentication error]

or

[WARNING:cryptauth_enroller_impl.cc(139)] SetupEnrollment API failed with error: [authentication error]

The CryptAuth client is currently not waiting for a non-empty access token to be retrieved. The culprit appears to be the use of kImmediate instead of kWaitUntilAvailable here: https://cs.chromium.org/chromium/src/components/cryptauth/cryptauth_client_impl.cc?l=296&rcl=eebbaf9cc76e0993b1edb05473a8989a7a99a6d4
 
Project Member

Comment 1 by bugdroid1@chromium.org, Sep 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/34485d36a31e8b475e3dcc2be66eaab1ed73b23a

commit 34485d36a31e8b475e3dcc2be66eaab1ed73b23a
Author: Josh Nohle <nohle@google.com>
Date: Thu Sep 20 00:52:08 2018

Wait for access token before making CryptAuth API calls

Before the CryptAuthClient attempts to make an API call, it fetches an
OAuth2 access token. However, currently the client does not wait for the
access token to become available before proceeding. This can lead to
empty access token strings and errors such as

[ERROR:cryptauth_device_manager_impl.cc(666)]
GetMyDevices API failed: [authentication error]

and

[WARNING:cryptauth_enroller_impl.cc(139)]
SetupEnrollment API failed with error: [authentication error].

Here, we change PrimaryAccountAccessTokenFetcher's mode from
|kImmediate| to |kWaitUntilAvailable|. From
PrimaryAccountAccessTokenFetcher's header file:

  |kImmediate|: Makes one-shot immediate request.
  |kWaitUntilAvailable|: Waits for the primary account to be available
  before making the request.  In particular, "available" is defined as
  the moment when (a) there is a primary account and (b) that account
  has a refresh token.

Bug:  887136 
Change-Id: I745e0bb3f3ef1bc3226e46147fcb699c101d12dd
Tested: Manual
Reviewed-on: https://chromium-review.googlesource.com/1235284
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Commit-Queue: Josh Nohle <nohle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#592640}
[modify] https://crrev.com/34485d36a31e8b475e3dcc2be66eaab1ed73b23a/components/cryptauth/cryptauth_client_impl.cc

Status: Fixed (was: Started)
Cc: nohle@chromium.org khorimoto@chromium.org jlklein@chromium.org jhawkins@chromium.org hansberry@chromium.org
Labels: -Type-Bug -Pri-2 -M-71 Merge-Request-70 M-70 Pri-1 Type-Bug-Regression
Status: Started (was: Fixed)
Requesting merge to M-70. This CL is needed to fix a regression in M-70 which occurred due to https://chromium-review.googlesource.com/c/chromium/src/+/1107715.

User-visible bug is that multi-device features fail to work for first-time users (i.e., users who have just signed into a Chromebook for the first time).
Components: -UI>ProximityAuth UI>Multidevice
Project Member

Comment 5 by sheriffbot@chromium.org, Sep 21

Labels: -Merge-Request-70 Merge-Review-70 Hotlist-Merge-Review
This bug requires manual review: M70 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Merge-Review-70 Merge-Approved-70
Project Member

Comment 7 by bugdroid1@chromium.org, Sep 24

Labels: -merge-approved-70 merge-merged-3538
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/60a34b2b7a302b6a2b0933abffc6d7eb42c0b0cf

commit 60a34b2b7a302b6a2b0933abffc6d7eb42c0b0cf
Author: Kyle Horimoto <khorimoto@google.com>
Date: Mon Sep 24 21:29:36 2018

Wait for access token before making CryptAuth API calls

Before the CryptAuthClient attempts to make an API call, it fetches an
OAuth2 access token. However, currently the client does not wait for the
access token to become available before proceeding. This can lead to
empty access token strings and errors such as

[ERROR:cryptauth_device_manager_impl.cc(666)]
GetMyDevices API failed: [authentication error]

and

[WARNING:cryptauth_enroller_impl.cc(139)]
SetupEnrollment API failed with error: [authentication error].

Here, we change PrimaryAccountAccessTokenFetcher's mode from
|kImmediate| to |kWaitUntilAvailable|. From
PrimaryAccountAccessTokenFetcher's header file:

  |kImmediate|: Makes one-shot immediate request.
  |kWaitUntilAvailable|: Waits for the primary account to be available
  before making the request.  In particular, "available" is defined as
  the moment when (a) there is a primary account and (b) that account
  has a refresh token.

TBR=nohle@google.com

(cherry picked from commit 34485d36a31e8b475e3dcc2be66eaab1ed73b23a)

Bug:  887136 
Change-Id: I745e0bb3f3ef1bc3226e46147fcb699c101d12dd
Tested: Manual
Reviewed-on: https://chromium-review.googlesource.com/1235284
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Commit-Queue: Josh Nohle <nohle@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#592640}
Reviewed-on: https://chromium-review.googlesource.com/1241564
Cr-Commit-Position: refs/branch-heads/3538@{#604}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
[modify] https://crrev.com/60a34b2b7a302b6a2b0933abffc6d7eb42c0b0cf/components/cryptauth/cryptauth_client_impl.cc

Labels: Merge-Merged-70-3538
The following revision refers to this bug: 
https://chromium.googlesource.com/chromium/src.git/+/60a34b2b7a302b6a2b0933abffc6d7eb42c0b0cf

Commit: 60a34b2b7a302b6a2b0933abffc6d7eb42c0b0cf
Author: khorimoto@google.com
Commiter: khorimoto@chromium.org
Date: 2018-09-24 21:29:36 +0000 UTC

Wait for access token before making CryptAuth API calls

Before the CryptAuthClient attempts to make an API call, it fetches an
OAuth2 access token. However, currently the client does not wait for the
access token to become available before proceeding. This can lead to
empty access token strings and errors such as

[ERROR:cryptauth_device_manager_impl.cc(666)]
GetMyDevices API failed: [authentication error]

and

[WARNING:cryptauth_enroller_impl.cc(139)]
SetupEnrollment API failed with error: [authentication error].

Here, we change PrimaryAccountAccessTokenFetcher's mode from
|kImmediate| to |kWaitUntilAvailable|. From
PrimaryAccountAccessTokenFetcher's header file:

  |kImmediate|: Makes one-shot immediate request.
  |kWaitUntilAvailable|: Waits for the primary account to be available
  before making the request.  In particular, "available" is defined as
  the moment when (a) there is a primary account and (b) that account
  has a refresh token.

TBR=nohle@google.com

(cherry picked from commit 34485d36a31e8b475e3dcc2be66eaab1ed73b23a)

Bug:  887136 
Change-Id: I745e0bb3f3ef1bc3226e46147fcb699c101d12dd
Tested: Manual
Reviewed-on: https://chromium-review.googlesource.com/1235284
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Commit-Queue: Josh Nohle <nohle@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#592640}
Reviewed-on: https://chromium-review.googlesource.com/1241564
Cr-Commit-Position: refs/branch-heads/3538@{#604}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
Status: Fixed (was: Started)

Sign in to add a comment