Page MenuHomePhabricator

OAuth authorization with a just-created account sometimes fails with 'mwoauthdatastore-access-token-not-found'
Closed, ResolvedPublic


On, we have a signup flow for users who do not already have Wikipedia accounts, which uses 'returntoquery' to send a user to the account creation page and then immediately redirect them to an auth page for the dashboard once they've created their account. Here are the entry points for this flow:

This usually works, but seems occasionally fail with 'mwoauthdatastore-access-token-not-found'. @Tgr suggests that this might be caused by master-slave lag.

Event Timeline

Ragesoss raised the priority of this task from to Needs Triage.
Ragesoss updated the task description. (Show Details)
Ragesoss added subscribers: Ragesoss, Tgr.

Change 266800 had a related patch set uploaded (by Gergő Tisza):
Fall back to master DB for access token lookup

Seems like this should already be covered by ChronologyProtector, unless there was a >10sec lag spike and timeout. Though I don't see many log entries under

+channel:DBPerformance +message:"Waiting" +url:*OAuth*

@awight @Abit This bug will affect the all instances of the dashboard, creating a confusing situation for newcomers who try to create their account at the same time they join a course. It's hit-or-miss; often you can create an account and sign up in one smooth flow, but a significant fraction of the time, you'll instead get stopped by an OAuth error message.

@aaron: ChronologyProtector uses IP+user agent to persist the master position, but the OAuth request that fails is sent by the WikiEdu server, if I understand the bug report correctly, so the IP/agent won't match that of the authorization request.

What's the status with that patch? Is waiting for more review, or is it not the right fix? Users run into this problem all the time at Wiki Ed events.

IMO it is ready to merge. @Anomie asked for some code quality improvements but I can do those in a follow-up.

Change 266800 merged by jenkins-bot:
Fall back to master DB for access token lookup

@Ragesoss any impression on whether this is resolved?

@Tgr I think this one is resolved. I haven't heard of this error coming up lately (unlike the E008 error). I'll keep an eye out for reports of it, though. These next few weeks are when a few thousand users will go through the account creation and OAuth login flow via

Tgr claimed this task.

Thanks! Please reopen if you run into it again.