When there're mutiple concurrent requests using the same access_token (being an Authorization header of an access_token query parameter), the update of the last usage timestamp of the token leads to a database serialization issue. The exception bubbles and leads to the access being denied.

It happens on relatively moderate trafic (~10 simultaneous HTTP request using the same token).

If I comment out

// Track last access on the token.
$this->logAccessTime($token);

in OAuth2Storage::getAccessToken(), everything goes smoothly (albeit the timestamp not being updated, obviously).

I do not see any way to easily solve this.

CommentFileSizeAuthor
#5 serialization_deadlock-2859214-5.patch869 bytessanduhrs
#4 oauth2-deadlock-d7.patch739 byteslauriii
#2 serialization_deadlock-2859214-2.patch635 bytesgarphy

Comments

garphy created an issue. See original summary.

garphy’s picture

garphy
Primary language French
Location Montreal, Canada
commented
StatusFileSize
new serialization_deadlock-2859214-2.patch635 bytes

This patch is just a workaround to catch the Exception and avoid denying access to legitimate request.

This is obviously not a long-term solution.

garphy’s picture

garphy
Primary language French
Location Montreal, Canada
commented

@maintainers : unfortunately, the proposed workaround doesn't work in all cases.

can you confirm that there indeed may be a transaction design issue here and hopefully give some guidance about how resolves this ?

i'm willing to spend some time to resolves this but I really don't know were to start

lauriii’s picture

lauriii
he/him
Primary language Finnish
Location Finland
commented
StatusFileSize
new oauth2-deadlock-d7.patch739 bytes

Here's a patch for the Drupal 7 version for anyone running into this problem.

sanduhrs’s picture

sanduhrs
he/him
Primary language German
Location 🇪🇺 Heidelberg, Germany, Europe
commented
StatusFileSize
new serialization_deadlock-2859214-5.patch869 bytes

  • sanduhrs committed 3ee8add on 8.x-1.x 
    Issue #2859214 by garphy, lauriii, sanduhrs: Serialization/Deadlock...
sanduhrs’s picture

sanduhrs
he/him
Primary language German
Location 🇪🇺 Heidelberg, Germany, Europe
commented
Version: 8.x-1.x-dev » 7.x-1.x-dev
m.stenta’s picture

m.stenta
he/him
Primary language English
commented
Status: Active » Reviewed & tested by the community
Related issues: +#1650930: Use READ COMMITTED by default for MySQL transactions

We ran into the same issue in farmOS, and the patch in #4 "fixes" it (with the exception that the token's last_access might not be getting updated when it should in all cases).

I did find this Drupal core issue that might be related: #1650930: Use READ COMMITTED by default for MySQL transactions

Setting this to RTBC because I think the patch in #4 can be committed to 7.x-1.x, to match the commit that was already made to 8.x-1.x. Not sure if you want to set it back to "Active" after that to consider how to proceed with the @todo or not.

  • d20df864 committed on 7.x-1.x 
    Issue #2859214 by garphy, lauriii, m.stenta: Serialization/Deadlock...
cafuego’s picture

cafuego commented
Status: Reviewed & tested by the community » Fixed

Patch from #4 is committed. Thank you!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.