Fix for auto retry on 401 error

franco-zalamena-iterable · franco-zalamena-iterable · commit 6d3a0b7abd40 · 2026-04-02T08:57:54.000+01:00
Now we are recreating the token and starting the auto retry
diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableAuthManager.java b/iterableapi/src/main/java/com/iterable/iterableapi/IterableAuthManager.java
@@ -55,6 +55,7 @@ interface AuthTokenReadyListener {
     private volatile boolean isInForeground = true; // Assume foreground initially
 
     private volatile AuthState authState = AuthState.UNKNOWN;
+    private final Object timerLock = new Object();
     private final ArrayList<AuthTokenReadyListener> authTokenReadyListeners = new ArrayList<>();
 
     private final ExecutorService executor = Executors.newSingleThreadExecutor();
@@ -95,6 +96,21 @@ void setAuthTokenInvalid() {
         setAuthState(AuthState.INVALID);
     }
 
+    /**
+     * Handles a server-side JWT rejection (401). Invalidates the current token,
+     * clears any pending refresh, and schedules a new token request using the retry policy.
+     * When the new token arrives, AuthTokenReadyListeners are notified via the
+     * INVALID → UNKNOWN state transition.
+     */
+    void handleAuthTokenRejection() {
+        setAuthState(AuthState.INVALID);
+        setIsLastAuthTokenValid(false);
+        clearRefreshTimer();
+        resetFailedAuth();
+        long retryInterval = getNextRetryInterval();
+        scheduleAuthTokenRefresh(retryInterval, false, null);
+    }
+
     AuthState getAuthState() {
         return authState;
     }
@@ -292,29 +308,31 @@ long getNextRetryInterval() {
     }
 
     void scheduleAuthTokenRefresh(long timeDuration, boolean isScheduledRefresh, final IterableHelper.SuccessHandler successCallback) {
-        if ((pauseAuthRetry && !isScheduledRefresh) || isTimerScheduled) {
-            // we only stop schedule token refresh if it is called from retry (in case of failure). The normal auth token refresh schedule would work
-            return;
-        }
-        if (timer == null) {
-            timer = new Timer(true);
-        }
+        synchronized (timerLock) {
+            if ((pauseAuthRetry && !isScheduledRefresh) || isTimerScheduled) {
+                // we only stop schedule token refresh if it is called from retry (in case of failure). The normal auth token refresh schedule would work
+                return;
+            }
+            if (timer == null) {
+                timer = new Timer(true);
+            }
 
-        try {
-            timer.schedule(new TimerTask() {
-                @Override
-                public void run() {
-                    if (api.getEmail() != null || api.getUserId() != null) {
-                        api.getAuthManager().requestNewAuthToken(false, successCallback, isScheduledRefresh);
-                    } else {
-                        IterableLogger.w(TAG, "Email or userId is not available. Skipping token refresh");
+            try {
+                timer.schedule(new TimerTask() {
+                    @Override
+                    public void run() {
+                        if (api.getEmail() != null || api.getUserId() != null) {
+                            api.getAuthManager().requestNewAuthToken(false, successCallback, isScheduledRefresh);
+                        } else {
+                            IterableLogger.w(TAG, "Email or userId is not available. Skipping token refresh");
+                        }
+                        isTimerScheduled = false;
                     }
-                    isTimerScheduled = false;
-                }
-            }, timeDuration);
-            isTimerScheduled = true;
-        } catch (Exception e) {
-            IterableLogger.e(TAG, "timer exception: " + timer, e);
+                }, timeDuration);
+                isTimerScheduled = true;
+            } catch (Exception e) {
+                IterableLogger.e(TAG, "timer exception: " + timer, e);
+            }
         }
     }
 
@@ -363,10 +381,12 @@ private void checkAndHandleAuthRefresh() {
     }
 
     void clearRefreshTimer() {
-        if (timer != null) {
-            timer.cancel();
-            timer = null;
-            isTimerScheduled = false;
+        synchronized (timerLock) {
+            if (timer != null) {
+                timer.cancel();
+                timer = null;
+                isTimerScheduled = false;
+            }
         }
     }
 
diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableRequestTask.java b/iterableapi/src/main/java/com/iterable/iterableapi/IterableRequestTask.java
@@ -262,18 +262,17 @@ static IterableApiResponse executeApiRequest(IterableApiRequest iterableApiReque
     }
 
     /**
-     * When autoRetry is enabled and this is an offline task, skip the inline retry.
-     * The task stays in the DB and IterableTaskRunner will retry it once a valid JWT
-     * is obtained via the AuthTokenReadyListener callback.
+     * When autoRetry is enabled and this is an offline task, do nothing here.
+     * IterableTaskRunner.processTask() is the sole owner of 401 handling for offline tasks:
+     * it calls setAuthTokenInvalid() which invalidates the token and schedules a refresh.
+     * When the new token arrives, onAuthTokenReady() resumes the queue.
      * For online requests or when autoRetry is disabled, use the existing inline retry.
      */
     private static void handleJwtAuthRetry(IterableApiRequest iterableApiRequest) {
         boolean autoRetry = IterableApi.getInstance().isAutoRetryOnJwtFailure();
         if (autoRetry && iterableApiRequest.getProcessorType() == IterableApiRequest.ProcessorType.OFFLINE) {
-            IterableAuthManager authManager = IterableApi.getInstance().getAuthManager();
-            authManager.setIsLastAuthTokenValid(false);
-            long retryInterval = authManager.getNextRetryInterval();
-            authManager.scheduleAuthTokenRefresh(retryInterval, false, null);
+            IterableLogger.d(TAG, "Offline task 401 - deferring retry to IterableTaskRunner");
+            return;
         } else {
             requestNewAuthTokenAndRetry(iterableApiRequest);
         }
diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableTaskRunner.java b/iterableapi/src/main/java/com/iterable/iterableapi/IterableTaskRunner.java
@@ -197,7 +197,7 @@ private boolean processTask(@NonNull IterableTask task, boolean autoRetry) {
                     // retain the task and pause processing until a valid JWT is obtained.
                     if (autoRetry && isJwtFailure(response)) {
                         IterableLogger.d(TAG, "JWT auth failure on task " + task.id + ". Retaining task and pausing processing.");
-                        IterableApi.getInstance().getAuthManager().setAuthTokenInvalid();
+                        IterableApi.getInstance().getAuthManager().handleAuthTokenRejection();
                         isPausedForAuth = true;
                         callTaskCompletedListeners(task.id, TaskResult.RETRY, response);
                         return false;
