Google Drive permission failures are ignored and lead to indefinite synchronization
Short description
Google Drive permission failures are ignored and lead to indefinite synchronization which never terminates, not giving any indication what went wrong or how to remedy the situation. Since the error conditions are very easily identifiable and reproducible, a solution will enhance the user experience significantly.
Steps to reproduce
- Host `good_login` is correctly logged in and synchronization works in Google Chrome.
- Host `bad_login` is logged in with the permission "See, create and delete its own configuration data in your Google Drive" not selected on Firefox. (See fig: Necessary permission is not selected).

  [Necessary permission is not selected](https://sw-amt.ws/tab-session-manager/_static/tsm-010-select-permission.png)
- This creates a situation, where both hosts can no longer synchronize. Activating the cloud sync displays "Syncing ..." as shown in fig: Syncing indefinitely, but never indicates any action and never finishes. However, the reasons are different for each host.

  [Syncing indefinitely](https://sw-amt.ws/tab-session-manager/_static/tsm-030-syncing.png)
Expected result
The synchronisation process should be terminated and the error condition should be reported as described in detail below.
Actual result
- Host `bad_login` is shown as logged in, but the request to get the files is denied with status code 403 (see fig: HTTP status code 403 Forbidden). The error message "Request had insufficient authentication scopes." identifies the problem and should be displayed. The synchronization should be terminated. The remedy is to log out and log in again, granting the necessary permission.

  [HTTP status code 403 `Forbidden`](https://sw-amt.ws/tab-session-manager/_static/tsm-020-permission-denied.png)
- Since the authentication scopes had been changed by host `bad_login`, host `good_login` can no longer acquire a valid token (code 400) and the attempt to access the files is rejected with status code 401 `Unauthorized` (see fig: Token HTTP status code 400 Bad Request access HTTP status code 401 Unauthorized).

  [Token HTTP status code 400 Bad Request access HTTP status code 401 Unauthorized](https://sw-amt.ws/tab-session-manager/_static/tsm-040-token-fails-unauthorized.png)

  The result of the failed token acquisition "Token has been expired or revoked" should be reported and the synchronization should be terminated.

  ```json
  {
    "error": "invalid_grant",
    "error_description": "Token has been expired or revoked."
  }
  ```

  The data access request should not even be sent, but if it fails, the result message "Request had invalid authentication credentials" should be reported and the synchronization should be terminated.

  ```json
  {
    "error": {
      "code": 401,
      "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
      "errors": [
        {
          "message": "Invalid Credentials",
          "domain": "global",
          "reason": "authError",
          "location": "Authorization",
          "locationType": "header"
        }
      ],
      "status": "UNAUTHENTICATED"
    }
  }
  ```
- Even when host `bad_login` changes the access rights to the required scope, the grant token on host `good_login` stays invalid. The remedy is to log out and log in again.
Platform information
- Platform (OS): Linux Ubuntu
- Version of browser: FF 141.0.3, Chrome 141.0.7390.65
- Version of Tab Session Manager: FF 7.1.1, Chrome 7.1.0
Additional context
-
same here
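
The termination and reporting behaviour this report asks for, sketched as an added example; it is not Tab Session Manager's code and not part of the original issue. All function, field and constant names are hypothetical, the 401 body is shortened from the one quoted above, and the 403 body is constructed around the reported message.

```javascript
// Added example: names are hypothetical, not the extension's own code.
// Response bodies from the report (401 shortened; 403 constructed from the reported message).
const TOKEN_400 = { error: "invalid_grant", error_description: "Token has been expired or revoked." };
const FILES_401 = { error: { code: 401, message: "Request had invalid authentication credentials.", status: "UNAUTHENTICATED" } };
const FILES_403 = { error: { code: 403, message: "Request had insufficient authentication scopes." } };

const RELOGIN = "Log out and log in again.";
const RELOGIN_GRANT = "Log out and log in again, granting the necessary permission.";

// Map a failed response to a result that ends the sync and can be shown to the user.
// stage is "token" (token refresh request) or "files" (Drive file request).
function classifySyncFailure(stage, status, body) {
  const err = body ? body.error : undefined;
  // Token endpoint errors have the shape { error: "invalid_grant", error_description: "..." }.
  if (stage === "token" && status === 400 && err === "invalid_grant") {
    return { terminate: true, kind: "token_revoked", message: body.error_description, remedy: RELOGIN };
  }
  // API errors have the shape { error: { code, message, ... } }.
  const message = err && typeof err === "object" ? err.message : `HTTP ${status}`;
  // A 403 is only treated as a scope problem when the message says so.
  if (stage === "files" && status === 403 && /insufficient authentication scopes/i.test(message)) {
    return { terminate: true, kind: "insufficient_scope", message, remedy: RELOGIN_GRANT };
  }
  if (stage === "files" && status === 401) {
    return { terminate: true, kind: "invalid_credentials", message, remedy: RELOGIN };
  }
  // Assumption: any other failure also stops the sync instead of showing "Syncing ..." forever.
  return { terminate: true, kind: "unknown", message, remedy: null };
}

// One sync attempt. refreshToken and listFiles are injected stand-ins for the
// real HTTP calls; each resolves to { status, body }.
async function syncOnce(refreshToken, listFiles) {
  const token = await refreshToken();
  if (token.status !== 200) {
    // Do not send the file request when no valid token could be acquired.
    return classifySyncFailure("token", token.status, token.body);
  }
  const files = await listFiles(token.body.access_token);
  if (files.status !== 200) {
    return classifySyncFailure("files", files.status, files.body);
  }
  return { terminate: false, kind: "ok", files: files.body };
}
```
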