Mikel: I do not see any auth error in your screenshots. Are you certain that sync was not working:
* Account in token service does not have any permanent error
* There is a valid access token for chromsync scope.

Note that it is normal to have expired access tokens in Chrome - the TTL for an access token is 1 hour, so they all expired after that time. A client of the token service needs to request another token for that scope in order for the access token to be updated.

Unfortunately the issue went away so I cannot confirm, but I'm quite certain that sync wasn't working at the time.

msarda@: Can you clarify how you conclude "There is a valid access token for chromsync scope"? It's red for "sync", and "expire at" indicated a time in the past, so I concluded it must be an expired access token.

+ Jinhui

We looked at different lines as chromesync  is used for other services than sync.  If you look web_history  and suggestion_services has valid tokens with chromesync scopes that are still valid, that is why I think your token is still good. Note that all these requests return the same access token for chromesync scope (see that all access tokens that have not expired have the Exire time set to 11/9/18 at 8:25:54 AM)

However, the time to live for these access tokens is a bit strange: my understanding if that an access token lives for 1 hour (or 2 hours more recently), but it looks like the TTL for these access tokens are way longer.

Jinhui: It looks like in this case we have access tokens for chromesync scope that have a very long TTL (from about 11/8/18 at 1:31:30 PM to 11/9/18 at 8:25:54 AM). Is that normal?

Chrome client ID is whitelisted to get access token for oauthlogin and chromesync scope with extended lifetime up to 24 hours.