-
Notifications
You must be signed in to change notification settings - Fork 3.9k
[Payment due @nyomanjyotisa] Fix stuck isAuthenticatingWithShortLivedToken blocking auto-reauth #91633
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
mountiny
merged 11 commits into
Expensify:main
from
allgandalf:fix-stuck-isAuthenticatingWithShortLivedToken
Jun 3, 2026
Merged
[Payment due @nyomanjyotisa] Fix stuck isAuthenticatingWithShortLivedToken blocking auto-reauth #91633
Changes from all commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
e41d224
Add RAM-only key for isAuthenticatingWithShortLivedToken
allgandalf 702fb89
Register RAM-only auth flag in Onyx.init
allgandalf e3691ba
Move isAuthenticatingWithShortLivedToken to RAM-only key in getShortL…
allgandalf 1fb603a
Read isAuthenticatingWithShortLivedToken from RAM-only key in Reauthe…
allgandalf bed65d5
Remove isAuthenticatingWithShortLivedToken from Session type
allgandalf 990c3fc
Read isAuthenticatingWithShortLivedToken from RAM-only key in AppState
allgandalf 64a2f01
Add unit tests for RAM-only auth flag and legacy session recovery
allgandalf 4669471
Merge branch 'Expensify:main' into fix-stuck-isAuthenticatingWithShor…
allgandalf 17410df
Merge branch 'Expensify:main' into fix-stuck-isAuthenticatingWithShor…
allgandalf 25403dd
Merge branch 'Expensify:main' into fix-stuck-isAuthenticatingWithShor…
allgandalf 4aba517
Merge branch 'Expensify:main' into fix-stuck-isAuthenticatingWithShor…
allgandalf File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if we update the app version and the user has
isAuthenticatingWithShortLivedTokenin the session and not in the ram only key? should we temporarily coalesce both values here to cover this case and then later remove the key from the session?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think coalescing them would actually re-trap the stuck users :)
the whole point of moving the flag to RAM-only is that we stop reading
session.isAuthenticatingWithShortLivedToken. that persisted field IS the bug. currently-stuck users have it persisted astruein IndexedDB and the legacy code reads it back on every reload, blocking every reauth attempt. by ignoring it in the new code, they get unblocked on the next reload because the RAM-only key starts undefined.if we OR both values here, a stuck user's
session.isAuthenticatingWithShortLivedToken=truewould still evaluate to true and reauth would keep aborting, which is exactly what we are trying to escape from.the second unit test (
reauthenticate proceeds even when a legacy session.isAuthenticatingWithShortLivedToken=true is persisted) covers this app-upgrade scenario: legacy stuck session field + undefined RAM-only key -> reauth proceeds normally.also fwiw, this
AppStatefile is just the diagnostic log captured when ActivityIndicator hangs. it isnt the actual reauth abort path, that lives inReauthentication.ts. the log reflecting the new RAM-only state is correct (it shows what reauth actually reads, not the dead legacy value).happy to add a follow-up cleanup migration to delete the leftover
session.isAuthenticatingWithShortLivedTokenfrom IndexedDB if you want it gone, but the fix here doesnt depend on it. WDYT?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nah I think we can leave it