fix: preserve credentials on timeout and offline refresh errors #362
Open
naveengaur800 wants to merge 2 commits into ForgeRock:develop from
This PR fixes an auth reliability issue where temporary network failures during token renewal could force a full logout.
Problem
When getAccessToken() triggered renewal and the request failed due to transport conditions (no internet or timeout), the flow treated that failure like an unrecoverable auth rejection and cleared local auth state.
That converted a transient outage into a permanent logout, requiring full re-authentication even though credentials could still be valid.
Context
What changed
For transport-level failures (offline/timeout), token renewal is now non-destructive:
Behavior for true authentication failures (for example invalid/unauthorized token scenarios) is unchanged.
Impact
Users are no longer logged out because of temporary network problems, and clients can show retry UX based on the actual failure.
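The distinction described above, sketched as an added example (not code from this pull request or the ForgeRock repository): local tokens are cleared only when the token endpoint explicitly rejects the refresh, and every other failure leaves them in place and is surfaced as retryable. All names (`TokenStore`, `classifyRefreshFailure`, `handleRefreshFailure`, the error shapes) are hypothetical, and treating any failure without an explicit rejection as retryable is an assumption of this sketch.

```javascript
// Added illustration: all names are hypothetical, not the SDK's API.
const Outcome = Object.freeze({ RETRYABLE: 'retryable', REJECTED: 'rejected' });

// Assumed error shapes: a thrown Error with no HTTP status when the request
// never completed (offline, timeout), or { status, body } when the token
// endpoint answered.
function classifyRefreshFailure(err) {
  const status = err && err.status;
  const code = err && err.body && err.body.error;
  // Only an explicit verdict from the server counts as an auth failure.
  if (status === 401 || (status === 400 && code === 'invalid_grant')) {
    return Outcome.REJECTED;
  }
  return Outcome.RETRYABLE;
}

class TokenStore {
  constructor(tokens) { this.tokens = tokens; }
  clear() { this.tokens = null; }
}

// Clears local state only on rejection and returns an error the caller can
// branch on to show retry UX instead of a login screen.
function handleRefreshFailure(store, err) {
  const outcome = classifyRefreshFailure(err);
  if (outcome === Outcome.REJECTED) store.clear();
  const wrapped = new Error(`token refresh failed (${outcome})`);
  return Object.assign(wrapped, { outcome, retryable: outcome === Outcome.RETRYABLE, cause: err });
}

async function getAccessToken(store, refreshFn, now = Date.now()) {
  if (!store.tokens) throw new Error('not authenticated');
  if (store.tokens.expiresAt > now) return store.tokens.accessToken;
  try {
    store.tokens = await refreshFn(store.tokens.refreshToken);
    return store.tokens.accessToken;
  } catch (err) {
    throw handleRefreshFailure(store, err);
  }
}

// Constructed sample failures.
const SAMPLE_OFFLINE = new TypeError('Failed to fetch');
const SAMPLE_TIMEOUT = Object.assign(new Error('aborted'), { name: 'AbortError' });
const SAMPLE_REJECTED = { status: 400, body: { error: 'invalid_grant' } };
```

Keeping the tokens after a retryable failure grants nothing by itself, since the server still validates the refresh token on the next attempt.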