SyncAuthManager may fail to revoke an invalid access token |
||
Issue descriptionPointed out in a comment on https://crrev.com/c/1188472 (after landing): That CL introduced a situation where SyncAuthManager drops its access token (because it's invalid/expired), but does not tell IdentityManager (-> OAuth2TokenService) about it. That means the next token request we send will likely give us back the very same token - which we'd again drop, rinse and repeat. I haven't heard of any practical problems caused by this: Generally O2TS should notice itself that a token has expired and drop it automatically. Still, better to be safe (and consistent). The short-term fix is simply to tell IdentityManager to drop the token too. Longer-term, maybe SyncAuthManager doesn't need to cache the token at all, since the identity system caches it anyway.
,
Sep 28
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2c6cdbef3f46ca7cf46e608089479c5aa761943f commit 2c6cdbef3f46ca7cf46e608089479c5aa761943f Author: Marc Treib <treib@chromium.org> Date: Fri Sep 28 09:42:26 2018 SyncAuthManager: When dropping an invalid token, also tell IdentityManager This solves a (presumably) rare case where we'd get the same invalid token again and again. Bug: 889896 Change-Id: I10f569f195a91c6912ac700ccc5dd0c1c8f3c06c Reviewed-on: https://chromium-review.googlesource.com/1249087 Commit-Queue: Marc Treib <treib@chromium.org> Reviewed-by: Mikel Astiz <mastiz@chromium.org> Cr-Commit-Position: refs/heads/master@{#595035} [modify] https://crrev.com/2c6cdbef3f46ca7cf46e608089479c5aa761943f/components/browser_sync/sync_auth_manager.cc [modify] https://crrev.com/2c6cdbef3f46ca7cf46e608089479c5aa761943f/components/browser_sync/sync_auth_manager.h
,
Sep 28
|
||
►
Sign in to add a comment |
||
Comment 1 by treib@chromium.org
, Sep 28