Skip to content

fix: trigger access token refresh #7149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 13, 2025
Merged

fix: trigger access token refresh #7149

merged 4 commits into from
Nov 13, 2025
+9 −10

Conversation

@tuna1207
Copy link
Member

@tuna1207 tuna1207 commented Nov 13, 2025
edited by cursor bot
Loading

Explanation

  • Previously triggerAccessTokenRefresh was only called during getSubscriptions polling, normal subscription state change didn't trigger it.
    This PR trigger triggerAccessTokenRefresh everytime subscription state change
  • Remove triggerAccessTokenRefresh from startShieldSubscriptionWithCard since that only return stripe checkout url, not subscribed yet.

References

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

Note

Refresh access token immediately when subscription state changes and remove redundant refresh triggers in start subscription flows, simplifying poll logic.

  • Subscription Controller (src/SubscriptionController.ts):
    • Trigger triggerAccessTokenRefresh() immediately when getSubscriptions updates state; remove deferred flag and poll-based refresh path.
    • Remove triggerAccessTokenRefresh() after startShieldSubscriptionWithCard and startSubscriptionWithCrypto (checkout/creation only), with clarifying comments.
    • _executePoll now only calls getSubscriptions.
  • Changelog: Document the above behavior changes under [Unreleased].

Written by Cursor Bugbot for commit bc4213d. This will update automatically on new commits. Configure here.

@tuna1207 tuna1207 added team-web3auth area-shield Transaction Shield labels Nov 13, 2025
@tuna1207 tuna1207 marked this pull request as ready for review November 13, 2025 13:04
@tuna1207 tuna1207 requested review from a team as code owners November 13, 2025 13:04
cursor[bot]
cursor bot reviewed Nov 13, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Double Refresh Triggers Unnecessary Sign-Out.

triggerAccessTokenRefresh() is called twice in submitShieldSubscriptionCryptoApproval(): once by startSubscriptionWithCrypto() at line 477, and again by getSubscriptions() at line 393 when it detects the subscription state change. This causes redundant performSignOut calls to the AuthenticationController.

packages/subscription-controller/src/SubscriptionController.ts#L530-L533

core/packages/subscription-controller/src/SubscriptionController.ts

Lines 530 to 533 in d305b7e

};
await this.startSubscriptionWithCrypto(params);
// update the subscriptions state after subscription created in server
await this.getSubscriptions();

Fix in Cursor Fix in Web

lwin-kyaw
lwin-kyaw previously approved these changes Nov 13, 2025
View reviewed changes
@chaitanyapotti chaitanyapotti enabled auto-merge (squash) November 13, 2025 13:20
@chaitanyapotti chaitanyapotti merged commit 9ef4ca0 into main Nov 13, 2025
271 checks passed
@chaitanyapotti chaitanyapotti deleted the fix/subscription-refresh-auth-token branch November 13, 2025 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@chaitanyapotti chaitanyapotti chaitanyapotti approved these changes

@lwin-kyaw lwin-kyaw lwin-kyaw approved these changes

@tanguyenvn tanguyenvn Awaiting requested review from tanguyenvn

Assignees

No one assigned

Labels

area-shield Transaction Shield team-web3auth

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tuna1207 @chaitanyapotti @lwin-kyaw