Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 573113

Summary: OpenID Connect logins are failing often
Product: Community Reporter: Christopher Guindon <chris.guindon>
Component: API.eclipse.orgAssignee: API.eclipse.org inbox <api-inbox>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: webmaster
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Windows 10   
Whiteboard:

Description Christopher Guindon CLA 2021-04-23 13:15:11 EDT 
The authorization server is returning this error when a login fails:

Could not retrieve tokens (400 Bad Request). Details: Array ( [error] => invalid_grant [error_description] => The authorization code has expired )

The clocks on both api-vms are NOT in sync. There is a 30 seconds difference between api-vm1 and api-vm2.

The authorization code is meant to expire after 30 seconds.

The request WILL fail if the OAuth dance is done using both vms. 

For example, api-vm1 creates the authorization code but the token exchange is done on api-vm2.

The fix:

The clocks on api-vm1 and api-vm2 must be synchronized.
Comment 1 Eclipse Webmaster CLA 2021-04-26 09:14:49 EDT 
The clocks have been re-synced and seem to be staying that way.

-M.
Comment 2 Christopher Guindon CLA 2021-04-26 09:16:54 EDT 
(In reply to Eclipse Webmaster from comment #1)
> The clocks have been re-synced and seem to be staying that way.
> 
> -M.

It made a huge difference! Thanks Matt!