On 30/01/2014 10:37 AM, Stefan Arentz wrote: > Of course now the test runs just fine. I will try to reproduce this. > > The JSON error struct simply said "reason: unauthorized" I think. it did not > mention anything about expired or not-yet-valid assertions or certificates. > (I don't know how specific the Token Server is. Maybe it will simply > translate anything to a 401?)
The tokenserver should report specific errors for clock-skew-related things, as described here: https://docs.services.mozilla.com/token/apis.html#error-responses I emphasize *should* because it looks at the human-readable error strings returned by the BrowserID verifier to decide on the cause of the error, which is not the most robust of techniques. Cheers, Ryan > I've had clock skew problems before but that was when I tested with the > MockMyID code. In that case I simply set the assertion creation date a few > minutes in the past to get around that. > > In this case it happened when calling the token server after asking the > account api to /v1/certificate/sign ... > > I'll try some things to make it happen again. > > S. > > ----- Original Message ----- >> On 30/01/2014 2:06 AM, Stefan Arentz wrote: >>> >>> On Jan 29, 2014, at 1:40 AM, Ryan Kelly <rfkelly at mozilla.com> wrote: >>> >>>> We have also deployed a matching environment to the final production URL: >>>> >>>> https://token.services.mozilla.com/1.0/sync/1.5 >>> >>> Ryan are you sure this works in combination with >>> https://api.accounts.firefox.com/ ? >> >> It should work. They're only tied by the standard BrowserID >> verification process, and Nick reports that this combo works for him >> from inside the android sync code. >> >>> When I create a new (and verified) account on api.accounts, the new >>> production token server tells me I am unauthorized. >> >> My first guess would be some sort of clock-skew-related failure. The >> 401 response from the tokenserver should have a JSON body with >> additional details, what does it return? >> >> What method are you using to perform this login sequence? I'll try to >> replicate and track down the error. _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
