PM-20593: Always refresh the token before a sync request

2025-12-10 20:07:59 -06:00 · 2025-10-02 14:46:07 -05:00 · 2025-10-02 14:46:07 -05:00 · 509322c972
commit 509322c972
parent 9f63cede11
3 changed files with 7 additions and 3 deletions
--- a/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
+++ b/app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
@ -303,8 +303,6 @@ class AuthRepositoryImpl(
            .syncOrgKeysFlow
            .onEach { userId ->
                if (userId == activeUserId) {
-                    // TODO: [PM-20593] Investigate why tokens are explicitly refreshed.
-                    refreshAccessTokenSynchronously(userId = userId)
                    // We just sync now to get the latest data
                    vaultRepository.sync(forced = true)
                } else {
--- a/network/src/main/kotlin/com/bitwarden/network/api/SyncApi.kt
+++ b/network/src/main/kotlin/com/bitwarden/network/api/SyncApi.kt
@ -3,6 +3,7 @@ package com.bitwarden.network.api
 import com.bitwarden.network.model.NetworkResult
 import com.bitwarden.network.model.SyncResponseJson
 import retrofit2.http.GET
+import retrofit2.http.Headers

 /**
 * This interface defines the API service for fetching vault data.
@ -13,6 +14,7 @@ internal interface SyncApi {
     *
     * @return A [SyncResponseJson] containing the vault response model.
     */
+    @Headers("Access-Token-Sync: true")
    @GET("sync")
    suspend fun sync(): NetworkResult<SyncResponseJson>

--- a/network/src/main/kotlin/com/bitwarden/network/interceptor/AuthTokenManager.kt
+++ b/network/src/main/kotlin/com/bitwarden/network/interceptor/AuthTokenManager.kt
@ -15,6 +15,7 @@ import java.time.Clock
 import java.time.Instant
 import java.time.temporal.ChronoUnit

+private const val AUTH_TOKEN_SYNC_HEADER: String = "Access-Token-Sync"
 private const val MISSING_TOKEN_MESSAGE: String = "Auth token is missing!"
 private const val MISSING_PROVIDER_MESSAGE: String = "Refresh token provider is missing!"
 private const val EXPIRATION_OFFSET_MINUTES: Long = 5L
@ -79,7 +80,9 @@ internal class AuthTokenManager(
            val expirationTime = Instant
                .ofEpochSecond(tokenData.expiresAtSec)
                .minus(EXPIRATION_OFFSET_MINUTES, ChronoUnit.MINUTES)
-            if (clock.instant().isAfter(expirationTime)) {
+            if (clock.instant().isAfter(expirationTime) ||
+                chain.request().header(AUTH_TOKEN_SYNC_HEADER).toBoolean()
+            ) {
                Timber.d("Attempting to refresh token due to expiration")
                refreshTokenProvider
                    ?.refreshAccessTokenSynchronously(userId = tokenData.userId)
@ -92,6 +95,7 @@ internal class AuthTokenManager(
        val request = chain
            .request()
            .newBuilder()
+            .removeHeader(AUTH_TOKEN_SYNC_HEADER)
            .addHeader(
                name = HEADER_KEY_AUTHORIZATION,
                value = "${HEADER_VALUE_BEARER_PREFIX}$token",