Note: This article has been archived. It relates to a historical event that has been resolved.
Archived Text
Summary
A new refresh token was provisioned by the DH but an error occurred during delivery to the ADR. As a result, while the consent remains active, the refresh token held by the ADR is no longer usable and there is no way to retrieve a replacement.
Participants involved: ADR & DH
Occurrence A
The issue occurred while the DR was refreshing an access token. A new refresh token was provisioned by the DH, but an error occurred during delivery to the ADR, so the ADR never received the new refresh token.
The DH’s analysis indicates the delivery error occurred due to a DH infrastructure upgrade taking place at the same time as the data request.
Steps were taken by the DH to ensure token delivery is not impacted by simultaneous deployments moving forward.
Impact: The existing consent had to be revoked and re-established, which resulted in a poor consumer experience for the ADR, as the consumer's CDR data had to be deleted when the consumer withdrew their consent to re-establish it.
Workaround: Consent must be revoked by the consumer and successfully re-established.
Occurrence B
The DH uses a single refresh token for the duration of the consent. For this reason, the refresh token is not returned by the token endpoint. If a refresh token is not returned from the token endpoint, the ADR overwrites the current refresh token with nil.
As part of the fix, the ADR changed their application to update the refresh token only if a new one is provided; otherwise, no update is made to the refresh token.
Impact: Data is not shared between the DH and ADR.
Workaround: None
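The handling described in Occurrence B, as an added example that is not the ADR's or the DH's own code: the overwriting behaviour next to a version that replaces the refresh token only when the token endpoint supplies one and leaves stored tokens untouched on a timeout or error response. The names ConsentTokens, apply_response_overwriting and apply_response and the sample responses are assumptions made for illustration.

```ruby
require "json"

# Hypothetical per-consent token record; a real ADR would persist this.
ConsentTokens = Struct.new(:access_token, :refresh_token)

# Behaviour described in Occurrence B: the refresh token is assigned
# unconditionally, so a response without "refresh_token" stores nil.
def apply_response_overwriting(tokens, body)
  data = JSON.parse(body)
  tokens.access_token = data["access_token"]
  tokens.refresh_token = data["refresh_token"] # nil when the field is absent
  :updated
end

# Corrected handling. Returns :rotated, :kept or :failed.
def apply_response(tokens, status, body)
  # Timeout (status nil) or HTTP error: leave the stored tokens untouched.
  return :failed unless status == 200
  data = begin
    JSON.parse(body)
  rescue JSON::ParserError
    return :failed
  end
  return :failed unless data.is_a?(Hash) && data["access_token"].is_a?(String)

  tokens.access_token = data["access_token"]
  candidate = data["refresh_token"]
  # Replace the refresh token only when a non-empty one is supplied.
  if candidate.is_a?(String) && !candidate.empty?
    tokens.refresh_token = candidate
    :rotated
  else
    :kept
  end
end

# Constructed sample responses, not captured from any DH.
SINGLE_TOKEN_DH = '{"access_token":"at-2","token_type":"Bearer","expires_in":300}'
CYCLING_DH = '{"access_token":"at-3","token_type":"Bearer","expires_in":300,"refresh_token":"rt-2"}'

if __FILE__ == $PROGRAM_NAME
  lost = ConsentTokens.new("at-1", "rt-1")
  apply_response_overwriting(lost, SINGLE_TOKEN_DH)
  kept = ConsentTokens.new("at-1", "rt-1")
  outcome = apply_response(kept, 200, SINGLE_TOKEN_DH)
  puts "overwriting: #{lost.refresh_token.inspect}, corrected: #{kept.refresh_token.inspect} (#{outcome})"
end
```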
Occurrence C
ADRs reported timeout or 500 errors as a response to calls to the DH token endpoint. Each error caused the refresh token for the consent to become out of sync, preventing data sharing for the consumer.
The DH's fix was to turn off refresh token cycling.
Impact: Refresh tokens became out of sync and completely stopped data sharing for the consumer. The existing consent had to be revoked and re-established by the consumer. A small number of consumers were impacted by the issue.
Workaround: Consent must be revoked by the consumer and successfully re-established.