fix(embedded-sdk): handle malformed JWT refresh timing #40490

Open
LohitG wants to merge 1 commit into apache:master from LohitG:fix/embedded-sdk-malformed-jwt-refresh

LohitG commented May 28, 2026

SUMMARY

getGuestTokenRefreshTiming currently decodes the guest token before applying its fallback timing logic. If the token string itself is malformed or undecodable, jwtDecode can throw before the fallback path runs.

This wraps the decode and expiration parsing logic in a try/catch, so malformed guest tokens fall back to the existing default refresh timing instead of throwing.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A - no UI changes.

TESTING INSTRUCTIONS

cd superset-embedded-sdk
npm test

Result:

Test Suites: 1 passed, 1 total
Tests:       8 passed, 8 total

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration
  • Introduces new feature or API
  • Removes existing feature or API

Wrap guest token decoding in defensive error handling so malformed tokens use the default refresh timing instead of throwing before fallback logic runs.

Add regression coverage for malformed, empty, and invalid-base64 token inputs.
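
The pattern described in the summary above, as an added example that is not code from this pull request or from the SDK: decoding and `exp` parsing sit inside one try/catch, so any malformed guest token yields the default delay. `decodePayload` stands in for jwtDecode; the function names, the three timing constants and the sample tokens are assumptions made for illustration.

```javascript
// Assumed timing values, not taken from the SDK.
const DEFAULT_TTL_MS = 300000; // lifetime assumed when exp cannot be read
const MIN_WAIT_MS = 10000;     // floor so an expired token cannot cause a refresh loop
const EARLY_BY_MS = 5000;      // refresh this long before the computed expiry

// Hypothetical stand-in for jwtDecode: returns the payload object or throws.
// The signature is not verified, so exp is only a scheduling hint on the client.
function decodePayload(token) {
  if (typeof token !== 'string') throw new TypeError('token must be a string');
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  if (!/^[A-Za-z0-9_-]+$/.test(parts[1])) throw new Error('payload is not base64url');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(atob(b64)); // throws on bad base64 or bad JSON
  if (payload === null || typeof payload !== 'object') throw new Error('payload is not an object');
  return payload;
}

// Milliseconds to wait before requesting a new guest token.
// `now` is injectable so the result is deterministic under test.
function refreshDelayMs(token, now = Date.now()) {
  let ttl = DEFAULT_TTL_MS;
  try {
    const exp = decodePayload(token).exp; // NumericDate: seconds since the epoch
    if (typeof exp === 'number' && Number.isFinite(exp)) {
      ttl = Math.max(MIN_WAIT_MS, exp * 1000 - now);
    }
  } catch (err) {
    // Malformed or undecodable token: keep the default instead of throwing.
  }
  return ttl - EARLY_BY_MS;
}

// Builds a constructed, unsigned sample token for exercising the function.
function makeToken(payload) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.sig`;
}
```

Because the fallback is silent, a caller that wants visibility into bad tokens would log or count inside the catch branch.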

bito-code-review Bot commented May 28, 2026

Code Review Agent Run #3b5890

Actionable Suggestions - 0
Filtered by Review Rules

Bito filtered these suggestions based on rules created automatically for your feedback. Manage rules.

  • superset-embedded-sdk/src/guestTokenRefresh.ts - 1
Review Details
  • Files reviewed - 2 · Commit Range: 795c79b..795c79b
    • superset-embedded-sdk/src/guestTokenRefresh.test.ts
    • superset-embedded-sdk/src/guestTokenRefresh.ts
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • Eslint (Linter) - ✔︎ Successful
