1500 unexpected error when github oauth expires #446
Comments
Are you sure the issue is that the refresh token expired? It may be invalid for other reasons. Which HTTP code and error message should be used in that case? A 401 error code? When this happens, the solution is to have the user go through the "connect" flow again so that new valid tokens are issued.
Some references: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens
We can consider using a background job to do refreshes, though we would need to also maintain something like a I am not really in favor of doing that though. The refresh token expiring means that the user has not touched a GitHub feature for more than six months. In this case, I think it is OK to ask them to re-connect.
It seems to happen pretty regularly with users that have github connected, and after a while they get 1500 errors where the oauth connection is used. It could be invalid for other reasons, but the user (elisabet) didn't invalidate it or anything, and it did work previously. So as far as I know, it goes from valid to invalid without any change from the user's side. But as per the issue description, figuring out exactly what is going on is part of this issue. I don't think 401 makes sense, as it's not the client that is unauthenticated with us, but auth failure with a third party, and mixing those up could be confusing to clients. On the get_token endpoint specifically, maybe 404 is best suited, with extra details in the body. As in, the endpoint is for getting a valid token, but we don't have/couldn't find a valid token? Yes, reconnecting again solves the issue, for a time, but from what I heard from users, it happens more often than every 6 months.
We should handle this error properly so it's actionable for users, not "1500 unexpected error occured".
Ideally, we'd figure out why the oauth refresh token expires in the first place and make sure this doesn't happen (this is for github.com oauth).
Related Sentry error:
Sentry Issue: RENKU-DATA-SERVICES-16
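
One way to turn a failed token refresh into an actionable error instead of a generic unexpected error, as an added example (not code from this project). All function and field names are hypothetical, and the error codes `invalid_grant` (RFC 6749) and `bad_refresh_token` are assumed to be what the provider returns for a rejected refresh token; the HTTP status sent to the client is left to the caller.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Any, Mapping, Optional

class Outcome(Enum):
    OK = "ok"
    RECONNECT_REQUIRED = "reconnect_required"      # user must redo the "connect" flow
    PROVIDER_UNAVAILABLE = "provider_unavailable"  # transient; retry later

# Assumed codes for a rejected refresh token: "invalid_grant" is the RFC 6749
# section 5.2 code; "bad_refresh_token" is assumed to be GitHub's variant.
RECONNECT_ERRORS = frozenset({"invalid_grant", "bad_refresh_token"})

@dataclass(frozen=True)
class RefreshResult:
    outcome: Outcome
    detail: str                          # provider error code only, never token values
    access_token: Optional[str] = None
    refresh_token: Optional[str] = None  # if set, persist it: the old one may be void

def classify_refresh(status: int, body: Mapping[str, Any]) -> RefreshResult:
    """Classify a token-endpoint response (HTTP status plus decoded JSON body)."""
    if status == 429 or status >= 500:
        return RefreshResult(Outcome.PROVIDER_UNAVAILABLE, f"http_{status}")
    error = body.get("error")
    if error in RECONNECT_ERRORS:
        return RefreshResult(Outcome.RECONNECT_REQUIRED, str(error))
    if error or not body.get("access_token"):
        # Unrecognised failure, whatever the HTTP status: keep the code for the logs.
        return RefreshResult(Outcome.RECONNECT_REQUIRED, str(error or "no_access_token"))
    return RefreshResult(Outcome.OK, "refreshed", body["access_token"], body.get("refresh_token"))

def client_error(result: RefreshResult, provider: str) -> Optional[dict]:
    """Build the error body shown to the user; None when the refresh succeeded."""
    if result.outcome is Outcome.OK:
        return None
    if result.outcome is Outcome.RECONNECT_REQUIRED:
        message = f"The stored {provider} authorization is no longer valid. Please reconnect."
    else:
        message = f"{provider} could not be reached to refresh the token. Try again later."
    return {"code": result.outcome.value, "provider": provider,
            "provider_error": result.detail, "message": message}

# Constructed sample responses (not captured from a real provider).
SAMPLES = [
    (200, {"error": "bad_refresh_token", "error_description": "constructed"}),
    (503, {}),
    (200, {"access_token": "constructed-access", "refresh_token": "constructed-refresh"}),
]
```

Logging `provider_error` for every `reconnect_required` result gives the data needed to see which provider code accompanies the failures reported here.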