Page MenuHomePhabricator
Create Task
Maniphest T332771

Refresh token generation throws 403 error
Closed, ResolvedPublic5 Estimated Story PointsBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

  • Obtain refresh_token using /v1/login API
  • Trigger /v1/token-refresh API more than 5 times

What happens?:
See that although your refresh token is still valid you are getting 403 response.

What should have happened instead?:
You should get a valid access token.

Notes
This is happening due to limitations on max amount of access tokens per refresh token we have put in place. We need to consider either changing the logic or updating the max amount of access tokens per refresh token. Also we should add an expiration date for the cache entries that are counting access tokens.

Also need to consider whether we should update the v1 API as well with this fix.

Event Timeline

Protsack.stephan created this task.Mar 22 2023, 12:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 22 2023, 12:10 PM
Protsack.stephan triaged this task as High priority.Mar 22 2023, 12:11 PM
Protsack.stephan added a project: Wikimedia Enterprise Engineering.
Felixejofre set the point value for this task to 5.Mar 24 2023, 3:55 PM
REsquito-WMF moved this task from To Be Estimated/To Be Discussed to Estimated /Discussed on the Wikimedia Enterprise board.Mar 27 2023, 9:48 AM
Alexander.lauie claimed this task.Mar 29 2023, 1:28 PM
Protsack.stephan moved this task from Estimated /Discussed to In Progress on the Wikimedia Enterprise board.Mar 29 2023, 1:34 PM
Alexander.lauie changed the task status from Open to In Progress.Mar 30 2023, 1:18 PM
Alexander.lauie moved this task from In Progress to Merge Request on the Wikimedia Enterprise board.Apr 4 2023, 5:26 PM
Protsack.stephan claimed this task.Apr 6 2023, 12:11 PM
Protsack.stephan moved this task from Merge Request to Machine Readability PB on the Wikimedia Enterprise board.
Protsack.stephan added a subscriber: Alexander.lauie.
Protsack.stephan reassigned this task from Protsack.stephan to Alexander.lauie.Apr 8 2023, 8:45 AM
Protsack.stephan moved this task from Machine Readability PB to Done Sprint 36 (Mar 23 - Apr 5) on the Wikimedia Enterprise board.
JArguello-WMF moved this task from Done Sprint 36 (Mar 23 - Apr 5) to Done 31 on the Wikimedia Enterprise board.Jul 14 2023, 3:27 PM
JArguello-WMF closed this task as Resolved.Jul 14 2023, 3:34 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits