Tags: google-oauth, http-status-code-400

Google OAuth Token validation URL returns HTTP error 400 after same code worked for few days


Here is the code, which runs on Tomcat and works for about 10 days, during which several users can log in with OAuth 2.0 SSO, after which it gets an HTTP 400 response from Google (https://accounts.google.com/o/oauth2/token):

Please suggest what might be missed:

    import java.io.IOException;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpUriRequest;
    import org.apache.http.client.methods.RequestBuilder;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.apache.http.util.EntityUtils;

    CloseableHttpClient httpclient = HttpClientBuilder.create().build();

    // Exchange the authorization code for tokens at the token endpoint
    HttpUriRequest post = RequestBuilder.post(data.getOauthTokenURI())
            .addParameter("code", code)
            .addParameter("grant_type", "authorization_code")
            .addParameter("client_id", data.getOauthClientId())
            .addParameter("client_secret", data.getOauthClientSecretDec())
            .addParameter("redirect_uri", data.getOauthRedirectURI())
            .build();

    String postResponseBody = null;
    CloseableHttpResponse httpResponse = null;
    try {
        httpResponse = httpclient.execute(post);
        int httpCode = httpResponse.getStatusLine().getStatusCode();
        // Read the body in both cases: on 400 it carries Google's "error" JSON
        postResponseBody = EntityUtils.toString(httpResponse.getEntity());
    } finally {
        if (httpResponse != null) {
            httpResponse.close();
        }
    }

Solution

  • SUMMARY:

    On Monday 7 December 2015, 1.29% of Google App Engine applications received errors when issuing authenticated calls to Google APIs over a period of 17 hours and 3 minutes. During a 45-minute period, authenticated calls to Google APIs from outside of App Engine also received errors, with the error rate peaking at 12%. We apologise for the impact of this issue on you and your service. We consider service degradation of this level and duration to be very serious and we are planning many changes to prevent this occurring again in the future.

    DETAILED DESCRIPTION OF IMPACT:

    Between Monday 7 December 2015 20:09 PST and Tuesday 8 December 2015 13:12, 1.29% of Google App Engine applications using service accounts received error 401 "Access Denied" for all requests to Google APIs requiring authentication. Unauthenticated API calls were not affected. Different applications experienced impact at different times, with few applications being affected for the full duration of the incident.

    In addition, between 23:05 and 23:50, an average of 7% of all requests to Google Cloud APIs failed or timed out, peaking briefly at 12%. Outside of this time only API calls from App Engine were affected.

    ROOT CAUSE:

    Google engineers have recently carried out a migration of the Google Accounts system to a new storage backend, which included copying API authentication service credentials data and redirecting API calls to the new backend.

    To complete this migration, credentials were scheduled to be deleted from the previous storage backend. This process started at 20:09 PST on Monday 7 December 2015. Due to a software bug, the API authentication service continued to look up some credentials, including those used by Google App Engine service accounts, in the old storage backend. As these credentials were progressively deleted, their corresponding service accounts could no longer be authenticated.

    The impact increased as more credentials were deleted and some Google App Engine applications started to issue a high volume of retry requests. At 23:05, the retry volume exceeded the regional capacity of the API authentication service, causing 1.3% of all authenticated API calls to fail or timeout, including Google APIs called from outside Google App Engine. At 23:30 the API authentication service exceeded its global capacity, causing up to 12% of all authenticated API calls to fail until 23:50, when the overload issue was resolved.
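As an added example (not the asker's code, and not code from Google's report), the token exchange from the question rewritten so that the token endpoint's answer is classified before anything is retried. It assumes Apache HttpClient 4.x (the `RequestBuilder`/`CloseableHttpResponse` API the question already uses), uses the token URL from the question, and stands in for the asker's `data` object with placeholder client id, secret and redirect URI. The `errorCode` helper is a deliberately minimal regex over the `"error"` field of the JSON body rather than a real JSON parser. A 4xx from the token endpoint (a reused or expired `code`, a mismatched `redirect_uri`, a wrong secret) is treated as final, because resending the same request cannot fix it; only timeouts and 5xx are retried, with a small bounded number of attempts and jittered backoff, which is exactly the retry behaviour the incident report says was missing when App Engine applications overloaded the authentication service.

```java
import java.io.IOException;
import java.util.Random;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.http.HttpStatus;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class TokenExchange {
    // Token endpoint as given in the question
    static final String TOKEN_URI = "https://accounts.google.com/o/oauth2/token";
    static final int MAX_ATTEMPTS = 4;          // bounded: never an unbounded retry loop
    static final long BASE_BACKOFF_MS = 500;
    // Minimal extraction of the "error" field from an OAuth error body (assumption: not a full JSON parser)
    static final Pattern ERROR_FIELD = Pattern.compile("\"error\"\\s*:\\s*\"([^\"]+)\"");

    enum Outcome { SUCCESS, RETRY, FAIL }

    /** Decide from status and body whether another attempt can possibly help. */
    static Outcome classify(int status, String body) {
        if (status == HttpStatus.SC_OK) return Outcome.SUCCESS;
        // 4xx: the request itself is rejected (e.g. invalid_grant). Retrying the same
        // code/secret/redirect_uri cannot succeed, so fail fast and log the error code.
        if (status >= 400 && status < 500) return Outcome.FAIL;
        // 5xx (and timeouts mapped to 503 below): transient, retry with backoff.
        return Outcome.RETRY;
    }

    static String errorCode(String body) {
        Matcher m = ERROR_FIELD.matcher(body == null ? "" : body);
        return m.find() ? m.group(1) : "unknown";
    }

    /** Exponential backoff with jitter: 500..1000 ms, 1000..1500 ms, 2000..2500 ms, ... */
    static long backoffMillis(int attempt, Random rnd) {
        return (BASE_BACKOFF_MS << attempt) + rnd.nextInt((int) BASE_BACKOFF_MS);
    }

    /** Exchange an authorization code for tokens; returns the JSON body on success. */
    static String exchange(CloseableHttpClient client, String code, String clientId,
                           String clientSecret, String redirectUri)
            throws IOException, InterruptedException {
        Random rnd = new Random();
        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            HttpUriRequest post = RequestBuilder.post(TOKEN_URI)
                    .addParameter("code", code)
                    .addParameter("grant_type", "authorization_code")
                    .addParameter("client_id", clientId)
                    .addParameter("client_secret", clientSecret)
                    .addParameter("redirect_uri", redirectUri)
                    .build();
            int status;
            String body;
            try (CloseableHttpResponse resp = client.execute(post)) {
                status = resp.getStatusLine().getStatusCode();
                body = resp.getEntity() == null ? "" : EntityUtils.toString(resp.getEntity());
            } catch (IOException e) {
                // Connect/read timeout: treat like a server-side outage
                status = HttpStatus.SC_SERVICE_UNAVAILABLE;
                body = "";
            }
            switch (classify(status, body)) {
                case SUCCESS:
                    return body;
                case FAIL:
                    throw new IOException("token endpoint rejected request: HTTP " + status
                            + " error=" + errorCode(body));
                case RETRY:
                    Thread.sleep(backoffMillis(attempt, rnd));
            }
        }
        throw new IOException("token endpoint unavailable after " + MAX_ATTEMPTS + " attempts");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample responses (not real Google output) showing the classification
        System.out.println(classify(200, "{\"access_token\":\"x\"}"));        // SUCCESS
        String bad = "{\"error\":\"invalid_grant\"}";
        System.out.println(classify(400, bad) + " " + errorCode(bad));        // FAIL invalid_grant
        System.out.println(classify(503, ""));                                 // RETRY

        // Live exchange only when an authorization code is passed on the command line;
        // client id/secret/redirect are placeholders, not real credentials.
        RequestConfig cfg = RequestConfig.custom()
                .setConnectTimeout(5000).setSocketTimeout(10000).build();
        try (CloseableHttpClient client = HttpClientBuilder.create()
                .setDefaultRequestConfig(cfg).build()) {
            if (args.length == 1) {
                System.out.println(exchange(client, args[0], "CLIENT_ID_PLACEHOLDER",
                        "CLIENT_SECRET_PLACEHOLDER", "https://example.com/oauth2callback"));
            }
        }
    }
}
```

Run with no arguments to see the offline classification; pass an authorization code as the single argument (with genuine client credentials substituted) to perform the real exchange. Logging `errorCode(body)` on a 400 is the check the question's code lacks: the body tells you whether the code was already redeemed, the redirect URI differs from the one registered, or the client secret is wrong, and none of those are improved by retrying. Explicit connect and socket timeouts keep a stalled endpoint from tying up Tomcat threads during an outage like the one in the report.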