App Tokens being set to password_invalid repeatedly

Nextcloud version: 20.0.0
Operating system and version: Ubuntu 20.04, running the official docker hub image

The issue you are facing:
From time to time, my app tokens stop working. There is no reason I could identify, and some seem to last longer than others. I faced this problem for a couple of months now, and started to document the occurences (and log the created app tokens to be able to reuse them).

Sept. 19: TBSync in Thunderbird on one of my machines complained about not being able to login. I did then create a new token (let’s name it “TB1” for sake of clarity) and entered it in TBSync.

Sept. 20: DAVx5 on my mobile had the same problem. Created a new token (“DX1”) , back in service.

Sept. 26 the TBSync token in another users TBSync adapter was invalid. Created a new one (“TB2”), worked.

Oct. 08: My two app tokens (“TB1” and “DX1”) mentioned above became invalid. Checked the nextcloud database and found that they had a 1 in the password_invalid column. updated back to 0 in the database and re-entered the old app token in TBSync and DAVx5 - worked.

Oct. 09: My “TB1” token reactivated yesterday is password_invalid again, the DX1 is still alive. But now the other user’s TBSync token “TB2” is invalid again. Updated password_invalid back to 0, both work again.

I have no idea why this is happening. Didn’t find any hint in docker logs nextcloud or the admin log in Nexctioud web frontend (apart from the warning message that the login failed).

Is this the first time you’ve seen this error? (Y/N): No. It reoccurs frequently.

Steps to replicate it: Not known, unfortunately…

The output of your Nextcloud log in Admin > Logging:

Warning	core	Login failed: 'patrick' (Remote IP: 'xx.xx.xx.xx')	

Do you have an idea what may cause this modification in the database? I did read about password changes that used to set all tokens to password_invalid, but this seem to be changed in more recent versions, and in my case it doesn’t affect all tokens of one user, but it does obviously selct them randomly.

Any hint will be appreciated.

Thanks in advance,

Hi, were you able to solve this? I have the same problem with app tokens being randomly set to invalid.

The same problem occurs here. Our instance is behind a HAProxy with TCP passtrhough.