syncstorage-rs

Investigate why tokenserver is hitting /v1/verify on fxa so often

Open data-sync-user opened this issue 9 months ago • 2 comments

https://sql.telemetry.mozilla.org/queries/97053/source fenix is still hitting fxa quite a bit (I assume token server directs every query there). I think the reason desktop and iOS aren’t in that list is https://github.com/mozilla/bigquery-etl/blob/db15c215868a76e7e41a843ece6ee1fa639541ec/sql/moz-fx-data-shared-prod/firefox_accounts_derived/fxa_auth_events_v1/query.sql#L55-L59 filtering them out.

TLDR: Token server is likely hitting FxA for every token request (maybe a subset?) although it should only trigger that call if something went wrong (the JWK’s changed, the access token’s shape changed, etc)


data-sync-user, Mar 28 '25 15:03

➤ Tarik Eshaq commented:

We added some telemetry in the Rust implementation of the token verification to try and capture this case.

This will block on the rollout of that code (the code is landed and the ticket tracking its feature flag will be linked as blocking this ticket).

data-sync-user, Mar 28 '25 15:03

➤ David Durst commented:

akomar ran this query (https://sql.telemetry.mozilla.org/queries/102044/source) that looks at this same question from the newly-migrated glean perspective. The results show that we still see more hits from desktop than I think we expect (~19 requests/client, using 15M DAU and looking at 9/5). This looks like ~13 per for Fenix, and a suspicious ~2 for iOS.

[Image: image-20240906-142910.png]

data-sync-user, Mar 28 '25 15:03