Slow or Broken Sync with Nextcloud: Token does not exist
If you have trouble getting a third-party app to sync with Nextcloud, try assigning an app-specific password in the Security settings of your Nextcloud account. Logging in with your regular password takes a tiny bit more time, which can add up when an app makes multiple connections at once.
For instance:
- RSS Guard and Fluent Reader, two cross-platform feed readers that sync with Nextcloud News, just would not sync reliably until I switched to an app-specific password.
- Floccus Bookmark Sync worked, but typically took upwards of 30 seconds to sync. Switching it to an app-specific password dropped it to about one.
- DAVx⁵, an Android app that syncs calendars, contacts and tasks, worked with the regular login, but every time it synced it would create a new login session that stuck around until it expired.
- Thunderbird could sync contacts and calendars with the regular login, but was definitely faster with the app-specific one.
Why the heck does this work?
I was having trouble getting RSS Guard to sync with Nextcloud. Debug logging on the client suggested that its multiple connections were clogging the server. Debug logging on the sever showed it was opening, using and then closing multiple login sessions, and those login sessions all triggered a debug log entry for an exception with the message: Token is not valid: Token does not exist
.
Searching for that turned up this comment by ChristophWurst:
This logged error is not necessarily a problem.
During DAV login we check if the provided password is an app password. That is done by checking if a matching token exists.
If not, it throws an InvalidTokenException
, which is then caught and sent out to the debug log.
Knowing that throwing an exception typically adds significant overhead (this is why many programming guides recommend only using exceptions for actual errors), I tried assigning an app-specific password to use with RSS Guard. And suddenly, instead of taking 30+ seconds to fail, it was taking about 3 seconds to successfully sync.
Throwing the exception slowed down each connection enough that the server couldn’t respond fast enough to keep up with the requests.
The Nextcloud desktop and mobile apps don’t seem to be affected by this. I don’t know offhand whether they use something other than DAV, or whether they only create a new login session when you authenticate. If it takes an extra half-second once a year, you don’t notice. But it’s going to pile up for an app that creates a new login session for each action, either slowing it down if they’re made one at a time, or DOSing itself if they’re made in parallel.
After this drastic improvement with RSS Guard (making it actually, you know, work!), I decided to watch the logs for anything else that hit the Token does not exist
event and assign a new app-specific password to each. And as noted above, it sped up sync dramatically!