Skip to content

test(auth): add comprehensive token refresh test coverage #14688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pgbezerra wants to merge 1 commit into from
Closed

test(auth): add comprehensive token refresh test coverage #14688

pgbezerra wants to merge 1 commit into from

Conversation

@pgbezerra
Copy link

@pgbezerra pgbezerra commented Jan 26, 2026
edited
Loading

This PR adds test coverage for the getTokens() method in TokenOrchestrator to verify token refresh behavior. These tests were created to investigate issue #14618 where users reported that tokens were not being refreshed automatically.

New Test Cases

Test Case Description
No tokens stored Returns null when token store is empty
Valid tokens Returns tokens without triggering refresh
Expired access token Triggers refresh when access token is expired
Expired ID token Triggers refresh when ID token is expired
Both tokens expired Triggers refresh when both tokens are expired
forceRefresh option Triggers refresh even with valid tokens
signInDetails preservation Preserves signInDetails after token refresh
NotAuthorizedException Returns null and clears tokens
Network error Throws error (doesn't swallow) and preserves tokens
Missing idToken No refresh when idToken missing but accessToken valid
clientMetadata Passes clientMetadata to token refresher
Token storage Stores new tokens after successful refresh

Test Results

All 22 tests pass in tokenOrchestrator.test.ts (10 existing + 12 new), and all 1156 tests pass in the auth package with no regressions.

Findings

These tests prove that the core token refresh logic is working correctly:

  • ✅ Expired access tokens DO trigger automatic refresh
  • ✅ Expired ID tokens DO trigger automatic refresh
  • ✅ The forceRefresh option works as expected
  • signInDetails are preserved after refresh
  • ✅ Error handling is proper (NotAuthorizedException returns null, network errors are thrown)
  • ✅ New tokens are stored after successful refresh

This suggests that issues reported in #14618 may be related to specific user configurations (token storage, Cognito settings, race conditions, etc.) rather than the core refresh mechanism itself.

Related Issues

@pgbezerra @claude
test(auth): add comprehensive token refresh test coverage (aws-amplif…
df5b60e 
…y#14618)

Add test cases for the getTokens() method in TokenOrchestrator to verify
token refresh behavior when tokens expire. These tests prove that:

- Expired access tokens trigger automatic refresh
- Expired ID tokens trigger automatic refresh
- forceRefresh option works correctly with valid tokens
- signInDetails are preserved after token refresh
- NotAuthorizedException returns null and clears tokens
- Network errors are thrown (not swallowed)
- clientMetadata is passed to the token refresher
- New tokens are stored after successful refresh

All 12 new tests pass, confirming the core token refresh logic works
as expected. This suggests issues reported in aws-amplify#14618 may be related
to specific user configurations rather than the refresh mechanism itself.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@pgbezerra pgbezerra force-pushed the test/token-refresh-coverage-14618 branch from c750c9b to df5b60e Compare January 26, 2026 19:36
This was referenced Jan 26, 2026
Closed
Open
@pgbezerra
Copy link
Author

pgbezerra commented Jan 26, 2026

Implemented in #14689

@pgbezerra pgbezerra closed this Jan 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pranavosu pranavosu Awaiting requested review from pranavosu pranavosu is a code owner

@sarayev sarayev Awaiting requested review from sarayev sarayev is a code owner

@avi-karthik avi-karthik Awaiting requested review from avi-karthik avi-karthik is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Auth] fetchAuthSession() does not auto-refresh tokens in CUSTOM_WITHOUT_SRP flow

1 participant

@pgbezerra