Jetpack: Different API calls overwritting authorize secret #6882
Description
Probably related, in a way, with #6879
Right now, we are calling build_connect_url several times, from different API endpoints, when we load the non-connected jetpack view in wp-admin. Since each call to that method calls to generate_secrets('authorize), each call is overwritting the authorize secrets. This causes a race condition where the secrets that are rendered in the link within the 'connect' button are only valid if they have been the last ones that have been generated. In this cases, the users are getting an "invalid secret" in calypso when they try to connect. We are automattically retrying the connection and it usually gets fixed in the second attempt, but we need to fix the cause of the problem.
How to reproduce:
This is not reproductible in 100% of the cases, but there are two methods that usually works:
a)
- In a disconnected site, go to your jetpack menu ... and as soon as it appears (be quick), click on the 'connect' button.
- Part of the times, you will run into a 'invalid secret' error in calypso
b)
- In a disconnected site, go to your jetpack menu and click on connect.
- Once you are in calypso and you need to click the approve button, open your jetpack dashboard in a different tab, without doing anything else
- Click on approve. Your secret is not longer valid and it will fail the first connection attempt