feat: Add automatic retry mechanism for credential renewal to improve the reliability in unstable network conditions#1063
Conversation
| self.storeKey = storeKey | ||
| self.authentication = authentication | ||
| self.sendableStorage = SendableBox(value: storage) | ||
| self.maxRetries = max(0, maxRetries) |
There was a problem hiding this comment.
i havent added automatic retry at network request level because that would be ebhavioral changes . so currently only looking to address the github issue where credential renwewal can fail in mobile patch network scenario.
currently there is dpop hanlding for retry but its a bit coupled. Will plan in major release to move retry at network level and make it more reusable across SDK . this would need more changes.
There was a problem hiding this comment.
Pull request overview
This PR introduces an automatic retry mechanism for credential renewal operations to improve reliability when facing transient network failures, particularly important for mobile applications operating on unstable networks.
Key Changes
- Adds configurable retry support with exponential backoff for credential renewal failures
- Implements
isRetryableproperty onAuth0APIErrorto identify transient errors (network issues, rate limiting, server errors) - Includes comprehensive test coverage for various retry scenarios including success, exhaustion, and non-retryable errors
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| EXAMPLES.md | Adds comprehensive documentation explaining the retry mechanism, configuration, and Auth0 tenant setup requirements |
| Auth0Tests/Responses.swift | Adds test helper functions for simulating network errors, rate limiting, and server errors |
| Auth0Tests/CredentialsManagerSpec.swift | Adds extensive test suite covering retry scenarios, exponential backoff, and compatibility with async/await and Combine |
| Auth0/CredentialsManager.swift | Implements retry logic with exponential backoff in credential renewal flow, adds maxRetries parameter |
| Auth0/Auth0APIError.swift | Adds isRetryable property to identify transient errors suitable for retry |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
EXAMPLES.md
Outdated
| 1. Request A calls `credentials()` and starts a token refresh | ||
| 2. Request A successfully hits the server and gets new credentials | ||
| 3. Request A fails on the way back (network issue), never reaching the client | ||
| 4. Later, request B retries with the same (old) refresh token |
There was a problem hiding this comment.
The wording in step 4 could be misleading. It says "Later, request B retries with the same (old) refresh token" which suggests a different, separate request happens later. However, the retry mechanism implemented automatically retries the SAME request. Consider rephrasing to clarify this is an automatic retry of the failed request, not a separate subsequent request. For example: "The retry mechanism automatically retries the request with the same (old) refresh token".
| 4. Later, request B retries with the same (old) refresh token | |
| 4. The retry mechanism automatically retries the failed request using the same (old) refresh token |
Auth0/CredentialsManager.swift
Outdated
| callback: callback) | ||
| } | ||
| } else { | ||
| complete() |
There was a problem hiding this comment.
lets call complete() as soon as failure block is recieved
| forceRenewal: Bool, | ||
| retryCount: Int, | ||
| callback: @escaping (CredentialsManagerResult<Credentials>) -> Void) { | ||
| SynchronizationBarrier.shared.execute { complete in |
There was a problem hiding this comment.
Credential Manager is a struct
sanchitmehtagit
changed the title
* master: Release 2.16.3 (#1073) Mention vision iOS support in readme file, fix typos and update links in docs (#1072) Fix memory leak in ASUserAgent by clearing static currentSession (#1071) Bump ruby/setup-ruby from 1.271.0 to 1.280.0 in /.github/actions/setup (#1065) JDI: Update README based on feedback (#1066) Release 2.16.2 (#1064) feat: Add automatic retry mechanism for credential renewal (#1063) Improve the discoverability of examples documentation for better DX (#1062)
3 participants
📋 Changes
Summary
This change addresses auth0/react-native-auth0#1374
by improving the reliability of token renewal in unstable network conditions.
While this update was initially driven by a request from a React Native SDK consumer, reliable credential renewal is a critical requirement for mobile scenarios in general. As such, this capability is also applicable to Swift SDK consumers and can be leveraged to improve the robustness of credential renewal.
We should recommend this approach to Swift SDK developers who encounter similar ESDs or issues.
Background / Problem
A scenario highlighted by the community:
getCredentials()and initiates a token refresh.On mobile networks, which are often unreliable, this scenario is realistic. In such cases, even if the user retries later on a stable network, the refresh attempt may fail because the refresh token could already be expired by that time.
Proposed Solution
This PR introduces retry support for transient failures to better leverage Auth0’s refresh token rotation overlap period, allowing safe retries when the server-side renewal succeeds but the response never reaches the client.
Changes Included
Implement exponential backoff retry logic for transient errors in
CredentialsManagerAdd a configurable
maxRetriesparameter (default:0, disabled)Introduce
Auth0APIError.isRetryableutility for SDK-wide retry detectionAdd comprehensive documentation to
EXAMPLES.md, covering:429), and server errors (5xx)Outcome
The retry mechanism improves resilience in real-world mobile conditions by safely retrying renewal requests within the refresh token overlap window, reducing unnecessary authentication failures without changing default behavior.
📎 References
🎯 Testing