
feat(auth): use browser.alarms for JWT refresh (Phase 3) #269

Merged: rosscado merged 1 commit into main from feat/auth-flow-phase3-token-refresh on Jan 1, 2026

@rosscado
Contributor

Summary

Phase 3 of the auth flow revamp: Replace setTimeout with browser.alarms API for scheduling JWT token refresh. This ensures token refresh survives service worker suspension, which is critical for maintaining authentication state in MV3 extensions.

Problem

In Manifest V3 extensions, service workers can be suspended at any time by the browser. When this happens, any scheduled setTimeout callbacks are lost, meaning JWT refresh might never occur, leading to expired tokens and unexpected auth failures.

Solution

Use browser.alarms API which persists across service worker restarts:

  1. Alarm-based scheduling: Token refresh is scheduled using browser.alarms.create() instead of setTimeout
  2. Alarm handler: Background script listens for alarm events and triggers refresh
  3. Graceful fallback: Falls back to setTimeout in contexts where alarms API is unavailable (e.g., content scripts)

Exponential Backoff

When refresh fails, the system retries with exponential backoff:

  • 1st failure: Retry after 1 minute
  • 2nd failure: Retry after 2 minutes
  • 3rd failure: Clear auth state, emit jwt:auth:failed event

This prevents hammering the server during outages while still attempting recovery.

Files Changed

| File | Changes |
| --- | --- |
| wxt.config.ts | Add "alarms" permission |
| src/JwtManager.ts | Replace setTimeout with browser.alarms, add exponential backoff |
| src/svc/background.ts | Add alarm handler for JWT refresh |

Test plan

  • Build succeeds
  • All 655 tests pass
  • Manual test: Verify token refreshes after service worker suspension
  • Manual test: Verify exponential backoff on refresh failure
  • Manual test: Verify auth clears after 3 failures

🤖 Generated with Claude Code

Replace setTimeout with browser.alarms API for scheduling JWT token
refresh. This ensures token refresh survives service worker suspension.

Key changes:
- Add "alarms" permission to manifest
- Replace setTimeout with browser.alarms.create() in JwtManager
- Add alarm handler in background.ts
- Implement exponential backoff for refresh failures (1min, 2min, 4min)
- Clear auth and emit jwt:auth:failed event after 3 consecutive failures
- Fallback to setTimeout in contexts where alarms API is unavailable

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@rosscado rosscado merged commit 6d0c8da into main Jan 1, 2026
1 check passed
@rosscado rosscado deleted the feat/auth-flow-phase3-token-refresh branch January 1, 2026 12:52
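
The alarm-driven refresh with backoff described in this PR, as an added sketch that is not the code merged here. It follows the schedule in the PR description (retry after 1 minute, then 2 minutes, then clear auth and emit jwt:auth:failed on the third failure); `AlarmsLike` is a narrowed stand-in for `browser.alarms`, and `ALARM_NAME`, `Deps` and all function names are assumptions.

```typescript
// Added example. AlarmsLike mirrors the part of browser.alarms used here.
interface AlarmsLike {
  create(name: string, info: { delayInMinutes: number }): void;
  clear(name: string): void;
}
interface Deps {
  alarms: AlarmsLike;
  refresh: () => Promise<boolean>; // resolves true when a new JWT was stored
  clearAuth: () => void;
  emit: (event: string) => void;
  // Keep in extension storage in a real worker: memory is lost on suspension.
  state: { failures: number; refreshInMinutes: number };
}
const ALARM_NAME = "jwt-refresh"; // hypothetical alarm name
const MAX_FAILURES = 3;

// Delay after the n-th consecutive failure (1 min, 2 min); null = give up.
function backoffMinutes(failures: number): number | null {
  return failures >= MAX_FAILURES ? null : 2 ** (failures - 1);
}

// Body of the background script's onAlarm listener.
async function onRefreshAlarm(name: string, d: Deps): Promise<string> {
  if (name !== ALARM_NAME) return "ignored";
  const ok = await d.refresh().catch(() => false);
  if (ok) {
    d.state.failures = 0;
    d.alarms.create(ALARM_NAME, { delayInMinutes: d.state.refreshInMinutes });
    return "refreshed";
  }
  const delay = backoffMinutes(++d.state.failures);
  if (delay === null) { // fail closed: drop auth instead of retrying forever
    d.alarms.clear(ALARM_NAME);
    d.clearAuth(); d.emit("jwt:auth:failed");
    d.state.failures = 0;
    return "auth-cleared";
  }
  d.alarms.create(ALARM_NAME, { delayInMinutes: delay });
  return `retry-in-${delay}m`;
}

// Constructed outage: every refresh attempt rejects; returns the event order.
async function simulateOutage(): Promise<string[]> {
  const log: string[] = [];
  const alarms: AlarmsLike = {
    create: (_n, i) => { log.push(`alarm:${i.delayInMinutes}`); },
    clear: () => { log.push("alarm:cleared"); } };
  const d: Deps = { alarms, refresh: async () => { throw new Error("offline"); },
    clearAuth: () => { log.push("clearAuth"); }, emit: (e) => { log.push(e); },
    state: { failures: 0, refreshInMinutes: 10 } };
  for (let i = 0; i < 3; i++) log.push(await onRefreshAlarm(ALARM_NAME, d));
  return log;
}
```

In the extension itself the handler would be registered at the top level of the background script so the listener exists whenever the worker is woken by the alarm.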