fix: refresh stack token on 400 invalid-token responses#29
Merged
Conversation
Cloudery-minted app-audience JWTs have no session_id, so the Stack treats them as konnector tokens with a 30-minute TTL. On expiry the Stack returns HTTP 400 with `WWW-Authenticate: Bearer error="invalid_token"`, which cozy-stack-client folds into a FetchError whose .message is "Invalid token" or "Expired token" — not the 401 the existing refresh path was waiting for. Long-running migrations therefore die silently around the half-hour mark and the recovery flushAndFail write fails the same way, leaving the tracking doc stuck in `running`. withTokenRefresh now refreshes on 401 plus 400-with-token-rejection-message and retries once.
Have the helper return the rejection status so withTokenRefresh does not re-cast the error. Consolidate the two 400-case tests into an it.each over the three matching messages.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
session_id, so the Stack treats them as konnector tokens (30 min TTL) and returns HTTP 400 withWWW-Authenticate: Bearer error="invalid_token"once they expire. The previous refresh path only triggered on 401, so any migration running longer than ~30 minutes died mid-traversal and the recoveryflushAndFailwrite failed the same way, leaving the tracking doc stuck inrunning.withTokenRefreshnow refreshes on 401 and on 400 whose error message matchesExpired token/Invalid (JWT)? token, then retries once. Unrelated 400 errors still propagate.