
CCCT-1929 Refetch SSO Token On Invalid Token Error #3628

Open
conroy-ricketts wants to merge 5 commits into master from CCCT-1929-refetch-sso-token-on-invalid-token-error

Conversation


@conroy-ricketts conroy-ricketts commented Mar 19, 2026

CCCT-1929

Technical Summary

Practically speaking, there are only two scenarios in which Mobile will see an INVALID_TOKEN error code from an API call in PersonalID:

  1. The configuration session auth is invalid as no session could be found with the token (note: this is different from an "expired token").
  2. When the firebase UID is not present when validating the firebase ID token.

From my investigations, I confirmed that we will not be able to refetch the SSO token during the PersonalID signup flow simply because the user does not exist yet. Therefore, at least for PersonalID, we should not refetch the SSO token when we see the INVALID_TOKEN error code.

I had some discussions with the team, and the consensus seems to be that we should crash the app whenever we see either of those two scenarios that I listed above. So I tweaked the code to route a Throwable (created in the handleErrorCodeIfPresent() function in PersonalIdApiHandler) to a new RuntimeException (via the handle() function in PersonalIdOrConnectApiErrorHandler). Also, we should not change the error handling for API calls in Connect (the scope here is only PersonalID).

Safety Assurance

Safety story

To verify these changes, I...

  1. In our PersonalIdApiHandler class, set breakpoints inside both the API method validateFirebaseIdToken() and the error code handler method handleErrorCodeIfPresent() (I later repeated this for all the other API methods that use a token)
  2. When the breakpoint for the API was hit, used the Evaluate Expression tool in AS to run sessionData.setToken("invalid_token")
  3. Verified that the Server responded with the INVALID_TOKEN error code
  4. Verified that my app crashed with the log message "java.lang.RuntimeException: java.lang.Throwable: The configuration session auth is invalid or the firebase UID was not found."

QA Plan

I do not think that QA is necessary for this.
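As an added illustration of the routing described in the summary above (this is not code from this PR or from the project; every class, enum and method name here is a hypothetical stand-in), the PersonalID handler maps an INVALID_TOKEN error code to a Throwable carrying the deliberately general message, since error_sub_code is empty and the two server-side causes cannot be distinguished client-side, and only the PersonalID scope escalates that Throwable to a RuntimeException while Connect keeps its existing failure callback. The EXPIRED_TOKEN branch is an assumed contrast case, not something the PR changes.

```java
import java.util.Optional;

// Hypothetical stand-ins for the error codes and API scopes discussed in the PR.
enum ApiErrorCode { TOKEN_INVALID_ERROR, TOKEN_EXPIRED_ERROR, UNKNOWN }
enum ApiScope { PERSONAL_ID, CONNECT }

// Pairs the classified code with the Throwable that onFailure() would receive.
record ApiError(ApiErrorCode code, Throwable cause) {}

final class InvalidTokenRoutingDemo {
    // Intentionally covers both server-side causes: error_sub_code is observed to be
    // empty for INVALID_TOKEN, so the client cannot tell them apart.
    static final String INVALID_TOKEN_MSG =
        "The configuration session auth is invalid or the firebase UID was not found.";

    // Plays the role of handleErrorCodeIfPresent(): classify a response's error code.
    // errorSubCode is accepted but ignored on purpose (always empty for INVALID_TOKEN).
    static Optional<ApiError> handleErrorCodeIfPresent(String errorCode, String errorSubCode) {
        if (errorCode == null || errorCode.isEmpty()) return Optional.empty();
        switch (errorCode) {
            case "INVALID_TOKEN":
                return Optional.of(new ApiError(ApiErrorCode.TOKEN_INVALID_ERROR,
                                                new Throwable(INVALID_TOKEN_MSG)));
            case "EXPIRED_TOKEN": // assumed contrast case: a refetch is possible here
                return Optional.of(new ApiError(ApiErrorCode.TOKEN_EXPIRED_ERROR,
                                                new Throwable("The SSO token has expired.")));
            default:
                return Optional.of(new ApiError(ApiErrorCode.UNKNOWN,
                                                new Throwable("Unhandled error code: " + errorCode)));
        }
    }

    // Plays the role of handle(): PersonalID fails closed on an invalid token because the
    // user may not exist yet and no SSO refetch is possible; every other case, and all of
    // Connect, stays on the normal failure callback.
    static void handle(ApiScope scope, ApiError error, Runnable onFailure) {
        if (scope == ApiScope.PERSONAL_ID && error.code() == ApiErrorCode.TOKEN_INVALID_ERROR) {
            throw new RuntimeException(error.cause());
        }
        onFailure.run();
    }

    public static void main(String[] args) {
        // Constructed sample response: INVALID_TOKEN with the empty sub-code seen in the PR.
        ApiError err = handleErrorCodeIfPresent("INVALID_TOKEN", "").orElseThrow();
        handle(ApiScope.CONNECT, err, () -> System.out.println("Connect: onFailure, no crash"));
        handle(ApiScope.PERSONAL_ID, err, () -> {}); // PersonalID: throws RuntimeException
    }
}
```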

Tweaked the error handling for PersonalID API calls to crash the app when we see an INVALID_TOKEN error code given that we actually do not want to refetch the SSO token in this case.
…nto CCCT-1929-refetch-sso-token-on-invalid-token-error

coderabbitai bot commented Mar 19, 2026


Walkthrough

The changes improve error handling in the PersonalID API handler by passing a descriptive error message when token validation fails, replacing a previous null error payload. Additionally, a comment in the base API handler was updated to clarify the scenarios where the TOKEN_INVALID_ERROR code is triggered, including missing session matching or missing Firebase UID.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Title check: Warning. The title mentions 'Refetch SSO Token' but the PR actually prevents SSO token refetching for PersonalID; it does not implement refetching. Resolution: update the title to accurately reflect the change, e.g., 'CCCT-1929 Crash on Invalid Token Error in PersonalID' or 'CCCT-1929 Do Not Refetch SSO Token on PersonalID Invalid Token Error'.
Docstring Coverage: Warning. Docstring coverage is 0.00%, which is insufficient; the required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (1 passed)
Description check: Passed. The PR description follows the repository template with all required sections completed: Product Description (N/A, non-visible changes), Technical Summary with context and rationale, Safety Assurance including safety story and testing approach, and QA Plan statement.


shubham1g5 previously approved these changes Mar 19, 2026
Comment on lines +53 to +55
// The firebase ID token is invalid (i.e. for PersonalID API calls, the configuration
// session auth was invalid as no session could be found with the token, or the firebase
// UID was not present when validating the token).

we should remove - The firebase ID token is invalid as that's being repeated later on and the configuration session auth is independent of Firebase.

Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! - 9d92d1a

Comment on lines +111 to +114
onFailure(
PersonalIdOrConnectApiErrorCodes.TOKEN_INVALID_ERROR,
new Throwable("The firebase ID token is invalid.")
);

@Jignesh-dimagi Jignesh-dimagi Mar 20, 2026


@conroy-ricketts As I understand, this INVALID_TOKEN error is thrown for 2 reasons, viz., if the session is invalid or the Firebase UID is invalid (only for Firebase OTP). So as per this implementation, it will only throw an exception for the 2nd reason.

Can we make use of `errorSubCode` (not sure if it's coming from INVALID_TOKEN) to exactly define the Throwable?

Contributor Author


Oh yeah thanks for catching that!

I did some more debugging to see what happens for other PersonalID API methods when the token is invalid (i.e. validateFirebaseIdToken(), addOrVerifyNameCall(), confirmBackupCode(), sendOtp(), and validateOtp()).

Unfortunately, I saw that whenever we get an INVALID_TOKEN error code from Server, the error_sub_code is always empty. So, I tweaked the error message to be a bit more ambiguous - a82de79

…nto CCCT-1929-refetch-sso-token-on-invalid-token-error
Tweaked the code comment explaining TOKEN_INVALID_ERROR.
Tweaked the crash message for the TOKEN_INVALID error code.