still trying to find STR but here's the error i'm getting right now 1393887410784 Sync.BrowserIDManager ERROR Background fetch for key bundle failed: AuthenticationError(TokenServerClientServerError({"now":"2014-03-03T22:56:50.782Z","message":"Authentication failed.","cause":"invalid-client-state","response_body":"{\"status\": \"invalid-client-state\", \"errors\": [{\"location\": \"body\", \"name\": \"\", \"description\": \"Unauthorized\"}]}","response_headers":{"content-type":"application/json; charset=UTF-8","date":"Mon, 03 Mar 2014 22:56:52 GMT","server":"nginx/1.4.4","x-timestamp":"1393887412","content-length":"111","connection":"keep-alive"},"response_status":401})) 1393887410785 Sync.Status DEBUG Status.login: error.login.reason.no_recoverykey => error.login.reason.no_recoverykey 1393887410785 Sync.Status DEBUG Status.service: service.client_not_configured => service.client_not_configured

That is expected to happen after you reset your password. Is that what you did? Hopefully it prompted you to "Reconnect to Sync" in the hamburger menu and pref panel.

somehow this account is hosed. I think these are my steps: 1. do something cause reauth flow 2. go into prefs > forget email 3. sign in with a different accout actual: you'll end up in this state. other info: 1. Chris used my account and repro'd this with my account 2. I could repro after restart 3. once i changed password, this fixed the problem.

Hmm. I invalidated my session forcing a reauth flow, and followed my steps - but that didn't repro this issue. So we don't have good STR still. :ckarlof who should investigate? It's a slight edge case but getting out of this state sucks.

I just repro'd this with using the TPS account user:crossweaveservices@restmail.net pw: crossweaveservicescrossweaveservices 1394165122714 Sync.BrowserIDManager ERROR Authentication error in _fetchTokenForUser: AuthenticationError(TokenServerClientServerError({"now":"2014-03-07T04:05:22.682Z","message":"Authentication failed.","cause":"invalid-client-state","response_body":"{\"status\": \"invalid-client-state\", \"errors\": [{\"location\": \"body\", \"name\": \"\", \"description\": \"Unauthorized\"}]}","response_headers":{"content-type":"application/json; charset=UTF-8","date":"Fri, 07 Mar 2014 04:05:23 GMT","server":"nginx/1.4.4","x-timestamp":"1394165123","content-length":"111","connection":"keep-alive"},"response_status":401})) 1394165122714 Sync.Status DEBUG Status.login: success.login => error.login.reason.no_recoverykey 1394165122714 Sync.Status DEBUG Status.service: success.status_ok => service.client_not_configured 1394165122714 Sync.SyncScheduler DEBUG Clearing sync triggers and the global score.

Just sign in using comment 4 and you'll get that error.

The invalid-client-state is supposed to signal that you're logging in with an old password, and should re-login with your updated password. If you're in this state but are using the currently-valid FxA password, the only way out of it is to do a password reset. This is by design and as intended. So the question is: how did you get the TPS account into this state? And if it's there by accident, is it due to client or server shenanigans?

I'll also note that Bug 972070 has been known to put an account into this invalid-client-state by accident, due to using an assertion from the old account with the encryption keys from the new account.

Edwin, is this with Nightly or Aurora? Bug 972070 landed on 03-03-14 and hasn't been uplifted to Aurora yet.

fyi: * I repro'd again with an older version of nightly. with a different account. * updated nightly to today 3/8, still repro * changed password * fixed - syncing as expected now. I'm assuming any users who previously didn't switch accounts before 3/3/14, will not be affected by this issue. Closing as fixed.

running into this after changing my password, it blocks TPS from running. I changed it once, then back to fix the invalid client state. user:crossweaveservices@restmail.net pw: crossweaveservicescrossweaveservices 1394472871654 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871654 Sync.Service DEBUG Caching URLs under storage user base: https://sync-2-us-east-1.sync.services.mozilla.com/1.5/71679/ 1394472871654 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871654 Sync.AddonsReconciler INFO Registering as Add-on Manager listener. 1394472871654 Sync.AddonsReconciler DEBUG Adding change listener. 1394472871655 Sync.Tracker.History INFO Adding Places observer. 1394472871679 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871680 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472871680 Sync.Status DEBUG Status.service: success.status_ok => success.status_ok 1394472872098 Sync.BrowserIDManager ERROR fxa.getAssertion() failed with: 401 - Invalid authentication token in request signature 1394472872098 Sync.BrowserIDManager ERROR Authentication error in _fetchTokenForUser: AuthenticationError(Unable to get assertion for user) 1394472872099 Sync.Status DEBUG Status.login: success.login => error.login.reason.account 1394472872099 Sync.Status DEBUG Status.service: success.status_ok => error.login.failed 1394472872099 Sync.BrowserIDManager ERROR Background fetch for key bundle failed: AuthenticationError(Unable to get assertion for user)

> fxa.getAssertion() failed with: 401 - Invalid authentication token in request signature This is an FxA server error, failing to authenticate to get a fresh certificate. It doesn't appear related to the invalid-client-state issue. Are there additional logs that show interaction failing with the tokenserver?

logged bug 981864 closing this

ok.