-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
False
-
-
False
-
-
-
Important
Followup to HAC-162. When user encounters "Could not grant offline token", we show potential reason "might have exceeded the maximum number of offline sessions" + advice about revoking previous tokens.
Several problems with that:
- The error is not always caused by having too many offline tokens.
Our logic detects invalid_grant SSO error, but that perhaps was never correct?! That's actually a generic error; we should instead detect offline_session_limit_exceeded — https://redhat-internal.slack.com/archives/CB53T9ZHQ/p1707770936182379?thread_ts=1706645418.417049&cid=CB53T9ZHQ - Several customers now have reported they got that advice (which might be red herring) but were unable to revoke any existing tokens — they see no "Remove access" button under "cloud-services"
- For some customers stuck with such issue, logging out from the UI helped.
Since we don't yet understand the issue, for good measure we may suggest logging out both from consoledot UI (profile top right corner -> Log Out) and from https://sso.redhat.com/ (if signed in, click your name in top bar -> Sign out)?
However, for at least one customer, logging out did NOT help either. - It'd be helpful to display the raw error JSON on that page. It may contain a helpful error_description, and in any case will help us diagnose customer issues.
Additional info
Slack thread 1, thread 2, thread 3.
KB article with similar advice: https://access.redhat.com/solutions/6068211
Current code:
https://gitlab.cee.redhat.com/service/uhc-portal/-/blob/master/src/components/CLILoginPage/TokenBox.tsx
https://gitlab.cee.redhat.com/service/uhc-portal/-/blob/master/src/components/CLILoginPage/RevokeTokensInstructions.tsx
https://gitlab.cee.redhat.com/service/uhc-portal/-/blob/master/src/components/CLILoginPage/TokenUtils.ts
New login flow OCMUI-1276 may become a good mitigation for customers stuck on this (when it's ready for external testing).