Refresh access tokens before expiry #89
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We've seen a small number of exceptions in Experience CS[1] which are caused by a 401 response from Editor API. I'm fairly confident these are occurring when the access token used to make the request to Editor API has expired. My hypothesis is that the token is valid at the time the request comes into Experience CS (and therefore the auto refresh behaviour isn't triggered) but is invalid by the time we make the request to Editor API. This change reduces the risk of this happening by refreshing the token if it expires in the next 60 seconds. [1]: https://github.com/RaspberryPiFoundation/experience-cs/issues/914
Test coverage: 100.0% |
floehopper
previously approved these changes
Jul 17, 2025
I've gone with a patch version bump because I think the changed behaviour is closer to a bug fix than it is to backward-compatible additional functionality (minor version bump) or to a backward-incompatible change (major version bump). NOTE. I've manually bumped the version in the individual gemfile.lock files because running `bundle update --conservative rpi_auth` resulted in updates to a number of other unrelated Gems and I didn't want to have to consider those in this PR.
chrisroos
force-pushed
the
refresh-token-before-expiry
branch
from
dbfa89e to
10350f7
Compare
Contributor
Author
|
Thanks, @floehopper - can you review it again now that I've also bumped the version and updated the CHANGELOG, please? |
floehopper
approved these changes
Jul 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We've seen a small number of exceptions in Experience CS which are caused by a 401 response from Editor API. I'm fairly confident these are occurring when the access token used to make the request to Editor API has expired. My hypothesis is that the token is valid at the time the request comes into Experience CS (and therefore the auto refresh behaviour isn't triggered) but is invalid by the time we make the request to Editor API. This change reduces the risk of this happening by refreshing the token if it expires in the next 60 seconds.