Android: [BUG] app loses OAuth2 token when app is closed

Created on 20 Oct 2019 · 47 Comments · Source: owncloud/android

Actual behaviour

Every time I close the app and open it again, it asks me to re-authenticate. Automated uploads in the background also fail after I close the app, with a notification: "Upload error, you need to log in again - wrong username or password"

Expected behaviour

The app should stay authenticated in the background.

Steps to reproduce

  1. login to an ownCloud account with OAuth2
  2. close the app. edit: and wait for 90 minutes
  3. open the app again
  4. see the warning message at the bottom

Can this problem be reproduced with the official owncloud server? no
(url: https://demo.owncloud.org, user: test, password: test)

Environment data

This does not only happen with my device, many of my friends have this problem.

Android version: 7.1.2 (LineageOS 14.1-20190302-i9300)

Device model: gt-i9300

Stock or customized system: custom

ownCloud app version: 2.13.1

ownCloud server version: 10.0.10 - 10.3.1

OAuth2 app version: 0.4.1

Server Involved

All 47 comments

@lefherz please check 10.3.0 release notes:
https://doc.owncloud.org/server/10.3/admin_manual/release_notes.html#oauth2-and-session-handling-improvements

Ah, great! I thought that it might be an Android issue because the Desktop clients aren't affected. A good reason to finally upgrade my server ;) I'll get back to this issue as soon as I'm done.

@lefherz is it finally an Android issue? Can we close it?

I finally got around to upgrading the server - testing it right now.

It works right now, but somehow the Android app doesn't appear in https://example.org/settings/personal?sectionid=security, I only see my firefox, thunderbird, ownCloud client, and DAVx5 sessions there. Isn't this where the OAuth2 sessions should be visible?

Correction: it does not work. Not closing the app deletes the OAuth2 token, it took (max.) 90 minutes until I was logged out again. The app was closed in the meantime, but not stopped or so.

@lefherz please check 10.3.0 release notes:
https://doc.owncloud.org/server/10.3/admin_manual/release_notes.html#oauth2-and-session-handling-improvements

I'm using the official docker containers. According to this page:

 If your ownCloud deployment is based on the official Docker images or the Univention appliance, you do not have to apply changes as Redis is not used for session handling. 

Ok @lefherz , thanks for the info

Just tried again with https://github.com/owncloud/oauth2/releases/tag/v0.4.2RC2, doesn't help

@lefherz send logs?

I sent a mail to [email protected] :)

This does indeed look interesting, I found a good traceback :)

{
 "reqId":"58ff745f-f5d0-40bd-ad94-f5c5db995072",
 "level":3,
 "time":"2020-01-20T02:15:08+00:00",
 "remoteAddr":"192.xx.xx.xx",
 "user":"--",
 "app":"OCA\\OAuth2\\Controller\\OAuthApiController",
 "method":"POST",
 "url":"\/index.php\/apps\/oauth2\/api\/v1\/token",
 "message":"Exception: 
    {\"Exception\":\"OCP\\\\AppFramework\\\\Db\\\\DoesNotExistException\",
     \"Message\":\"Did expect one result but found none when executing: query \\\"SELECT * FROM `*PREFIX*oauth2_refresh_tokens` WHERE `token` = ?\\\"; parameters Array\\n(\\n    [0] => <token which I manually removed>\\n)\\n; limit \\\"\\\"; offset \\\"\\\"\",
    \"Code\":0,
    \"Trace\":\"
    #0 /var/www/owncloud/lib/public/AppFramework/Db/Mapper.php(363): OCP/AppFramework/Db/Mapper->findOneQuery('SELECT * FROM `...', Array, NULL, NULL)\
    #1 /mnt/data/apps/oauth2/lib/Db/RefreshTokenMapper.php(75): OCP/AppFramework/Db/Mapper->findEntity('SELECT * FROM `...', Array, NULL, NULL)\
    #2 /mnt/data/apps/oauth2/lib/Controller/OAuthApiController.php(183): OCA/OAuth2/Db/RefreshTokenMapper->findByToken('xxxxxxxxxxxxxx...')\
    #3 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(153): OCA/OAuth2/Controller/OAuthApiController->generateToken(*** sensitive parameters replaced ***)\
    #4 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(85): OC/AppFramework/Http/Dispatcher->executeController(Object(OCA/OAuth2/Controller/OAuthApiController), 'generateToken')\
    #5 /var/www/owncloud/lib/private/AppFramework/App.php(100): OC/AppFramework/Http/Dispatcher->dispatch(Object(OCA/OAuth2/Controller/OAuthApiController), 'generateToken')\
    #6 /var/www/owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(47): OC/AppFramework/App::main('OCA//OAuth2//Cont...', 'generateToken', Object(OC/AppFramework/DependencyInjection/DIContainer), Array)\
    #7 /var/www/owncloud/lib/private/Route/Router.php(342): OC/AppFramework/Routing/RouteActionHandler->__invoke(Array)\
    #8 /var/www/owncloud/lib/base.php(920): OC/Route/Router->match('/apps/oauth2/ap...')\
    #9 /var/www/owncloud/index.php(54): OC::handleRequest()\
    #10 {main}\",\"File\":\"/var/www/owncloud/lib/public/AppFramework/Db/Mapper.php\",\"Line\":281}"}
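
A triage sketch for the log entry above, added here as an example and not part of the original thread or ownCloud's code: it scans ownCloud log lines for token-endpoint requests whose refresh token was missing from `oauth2_refresh_tokens` and reports, per client address, the failure count and the minutes between failures. It assumes one JSON object per line with the field names shown in the entry above; the sample lines, addresses and helper names are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime

TOKEN_URL = "/index.php/apps/oauth2/api/v1/token"
CONTROLLER = "OCA\\OAuth2\\Controller\\OAuthApiController"
# Shortened, constructed stand-in for the exception text in the entry above.
NOT_FOUND = ('Exception: {"Exception":"OCP\\\\AppFramework\\\\Db\\\\DoesNotExistException",'
             '"Message":"SELECT * FROM `*PREFIX*oauth2_refresh_tokens` WHERE `token` = ?"}')

def _entry(time, addr, app=CONTROLLER, url=TOKEN_URL, msg=NOT_FOUND):
    """Build one constructed log line with the fields seen in the thread."""
    return json.dumps({"reqId": "constructed", "level": 3, "time": time,
                       "remoteAddr": addr, "user": "--", "app": app,
                       "method": "POST", "url": url, "message": msg})

# Constructed sample input (documentation addresses), not real server logs.
SAMPLE_LOG = [
    _entry("2020-01-20T02:15:08+00:00", "192.0.2.10"),
    _entry("2020-01-20T03:45:10+00:00", "192.0.2.10"),
    _entry("2020-01-20T03:50:00+00:00", "192.0.2.10", app="core", url="/login"),
    "truncated line {not json",
    _entry("2020-01-20T04:00:00+00:00", "198.51.100.7"),
    _entry("2020-01-20T04:01:00+00:00", "198.51.100.7", msg="Exception: other"),
]

def failed_refresh_lookups(lines):
    """Return (time, remoteAddr) for token requests whose refresh token was not found."""
    hits = []
    for line in lines:
        try:
            e = json.loads(line)
            msg = str(e["message"])
            when = datetime.fromisoformat(e["time"])
        except (ValueError, KeyError, TypeError):
            continue  # partial, non-JSON or incomplete entries are skipped
        if (e.get("app") == CONTROLLER and e.get("url") == TOKEN_URL
                and e.get("method") == "POST"
                and "DoesNotExistException" in msg
                and "oauth2_refresh_tokens" in msg):
            hits.append((when, e.get("remoteAddr")))
    return hits

def summarize(hits):
    """Per client address: failure count and minutes between successive failures."""
    by_addr = defaultdict(list)
    for when, addr in sorted(hits, key=lambda h: h[0]):
        by_addr[addr].append(when)
    return {addr: {"count": len(ts), "gaps_min": [
                round((b - a).total_seconds() / 60) for a, b in zip(ts, ts[1:])]}
            for addr, ts in by_addr.items()}
```

On a real server, pass the lines of the ownCloud log file to `failed_refresh_lookups` and compare the reported gaps with the interval after which clients are logged out.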

I forgot to add that some people have this problem with the Desktop Client as well. But curiously, only some people, not everyone.

Now I have more than one account on the app, and I noticed, that this bug only happens for the first account.

The second account now works as expected, although the same account did not work on my old phone, when it still was the first account.

The third account works as expected, without an expiring token.

This narrows it down a lot, I would say - should be easy to find out now?

@michaelstingl How should we proceed?

We can have look in the next sprint

@lefherz Could you provide your config report?
to use correctly the OAuth you need some prerequisites:
Redis Server and php.redis newer than 4.2
Configuration in the php.ini:

- SESSION_SAVE_HANDLER=redis
- SESSION_SAVE_PATH=tcp://redis:6397
- REDIS_SESSION_LOCKING_ENABLED=1
- REDIS_SESSION_LOCK_RETRIES=750
- REDIS_SESSION_LOCK_WAIT_TIME=20000

You have an account in my server, please try there the android app and tell me if it's disconnected, I was not able to reproduce there.

I was not able to reproduce the problem. I used two accounts:

1) @cdamken 's server

2) 10.4 server (docker) with oauth2: 0.4.3

I tested them individually, and together. No token revocations before and after every renewal.

Some detail is missing here... I hope we can find it!

In any case, you are testing with ownCloud app version: 2.13.1. During the next weeks we will release 2.15, whose main improvements are on the authentication/authorization side, including a new library to manage all OAuth2 stuff. Maybe we can provide you an apk to test with the current master, just to know if the problem is still there.

Wasn't able to test it yet with @cdamken 's server, also because the problem apparently doesn't appear with all accounts in the app; I'd have to remove my existing accounts to try it out.

so an apk with a different AppID would be very useful to test whether the problem still appears with the changes for 2.15.

The Installation fails:

$ adb install owncloud_2.14.2-debug.apk 
adb: failed to install owncloud_2.14.2-debug.apk: Failure [INSTALL_FAILED_CONFLICTING_PROVIDER: Package couldn't be installed in /data/app/com.owncloud.android.debug-MTzIzrI8qpe7NdIn7YsZFQ==: Can't install because provider name org.owncloud (in package com.owncloud.android.debug) is already used by com.owncloud.android]

Is there a solution to this which doesn't require that I uninstall the normal ownCloud app?

I think (unfortunately) it is not possible if both versions share the same package name (com.owncloud.android). Am I wrong @davigonz @abelgardep? Any workaround?

If it's more of an effort, I'll just try again when 2.15 is released and report back :)

I have a similar issue. The app constantly loses its authentication for both accounts that I have configured in the app. Both use OAuth. Interestingly, the refresh token it tries to use does not change in the server logs despite reauthenticating a dozen times.
Phone is a Pixel 3 with Android 10.

@Helios07 your issue is like this one: https://github.com/owncloud/android/issues/2655 . We will release a beta version with the fix soon, so that you can check if it is fixed before the official release. CC @lefherz

That is good to know, I will test the new version.

We released a new beta version the latest days (2.15-beta1). If you want to test and give us your feedback, it will be welcome!

Cool. It doesn't seem to be built for F-Droid yet? https://f-droid.org/wiki/page/com.owncloud.android/lastbuild_21400200

It is not merged in F-Droid yet. It should be in the short term.

Merged in F-Droid. It should not take long to be available.

Hi @lefherz, any news about this? It would be great to know if it is fixed with beta 2

official 2.15 is out, please let us know if the problem is fixed on your side. @lefherz

Hm, it never finishes syncing, so the app doesn't do much anymore since the upgrade to 2.15 - including uploading photos in the background.

But the "you need to login again" message disappeared, and if the syncing only happens when you are authenticated, then it seems that the problem is solved :) I can't say that expected behavior is reached already though, as the app isn't usable atm for other reasons, afaict

I had a similar behavior on two other phones (no syncing, no photo upload, no download of new files). Deleting and recreating the account did not work. I had to reinstall the app, but after that, everything worked smoothly.

@Helios07 did you upgrade from 2.14.2? from 2.15beta1?

These were upgrades from 2.14.2. Unfortunately I was not able to reproduce this (by restoring the old version and upgrading again). So I could not make out any cause for this.
One phone had Android 10 (Pixel 3), the other Android 9 (Galaxy S8).

@Helios07, @lefherz can you verify if that bad behaviour is still there after a 2.15 fresh install? That would help us to know if the problem relies on migration or if it comes from 2.15. Thanks in advance

After the reinstallation of 2.15 everything works flawlessly so far. So in my opinion it is the migration. Unfortunately (for testing purposes), migrating from a fresh installed 2.14 also works without problems.

ok, interesting to know. We had several problems after releasing 2.15beta1, so, that version was not pretty stable and is not a good point to migrate. But, if you upgrade from 2.14.2 is another business. Did you use any specific authentication method? any set up in server (like LDAP)?

Yes, after a reinstall it works again. I will now wait and see whether the bug I originally reported here reappears.

Another interesting thing I noticed after the upgrade from 2.14 to 2.15, was that the profile images of my accounts disappeared; instead it showed a generic grey icon depicting a person. After the reinstall and reauthenticating, the profile pics are there again.

thanks a lot for your feedback @lefherz and @Helios07 ! if the original problem about OAuth2 is fixed on your side, feel free to close. I regret the problems after upgrading and celebrate that they are gone after reinstalling.

In my setup, OAuth was used on both phones and the accounts were local (but in one of them there were two configured if I remember correctly, one with LDAP and one with a local account).
But so far it works for me and this is very good :)

Hm, unfortunately now the app doesn't do anything anymore, doesn't finish syncing, and I don't see my profile images anymore - it seems the bug returned. I could reinstall to fix it for a few hours, but maybe logs would be more useful to you?

Until this is fixed unfortunately I can't confirm that the bug which I reported in this issue is solved :/

Do you want me to open a separate bug report for this?

Do you want me to open a separate bug report for this?

It'd be cool, since this is a different problem than the current one. Our suspicions are that something in the multiaccount is broken. We will deal with it. Thanks again!

Okay, I opened #2900

Is this fixed?

Yes, with Android 2.15.1, ownCloud server 10.5.0, and OAuth2 0.4.3 it doesn't appear anymore. Thanks a lot!
