Resilient token refresh: retry transient errors, classify before flagging needs_reauth

Previously, any token refresh failure (including Fitbit/Whoop/Oura 500s)
immediately set needs_reauth=true on connected_devices, permanently blocking
the device from cron syncs. A transient provider outage could lock out users
who had perfectly valid refresh tokens.

Changes:
- Add shared token-refresh.ts with TokenRefreshError (permanent flag),
  classifyTokenError (permanent vs transient), and refreshWithRetry
  (3 attempts, exponential backoff 1s/2s/4s)
- Modify fitbit/oura/whoop refreshTokens() to use retry logic
- Modify sync-fitbit/oura/whoop catch blocks: permanent errors set
  needs_reauth=true (401), transient errors skip needs_reauth (503)
- Fix mockFetch spread ordering bug in test-helpers.ts (json/text methods
  were overwritten by ...r spread)
- Fix mock cleanup bug in fitbit/whoop tests (globalThis.fetch = originalFetch
  after fetchStub.restore() poisoned subsequent tests)
- Fix missing env vars in fitbit/whoop test setups

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: schwaaamp

supabase/functions/_shared/fitbit-client.test.ts

@@ -6,6 +6,8 @@
  */
 
 import { createClient } from './supabaseClient.ts';
+import { refreshWithRetry, fetchTokenEndpoint, TokenRefreshError } from './token-refresh.ts';
+export { TokenRefreshError } from './token-refresh.ts';
 
 // Types
 export interface FitbitTokens {
@@ -64,6 +66,9 @@ export async function getFreshTokens(userId: string): Promise<FitbitTokens> {
 
 /**
  * Refresh Fitbit tokens using refresh token
+ * Uses retry with exponential backoff for transient errors (5xx, network).
+ * Throws TokenRefreshError with permanent flag for callers to distinguish
+ * "user needs to re-auth" from "try again next hour".
  */
 export async function refreshTokens(userId: string, refreshToken: string): Promise<FitbitTokens> {
   const clientId = Deno.env.get('FITBIT_CLIENT_ID');
@@ -73,25 +78,21 @@ export async function refreshTokens(userId: string, refreshToken: string): Promi
     throw new Error('Missing FITBIT_CLIENT_ID or FITBIT_CLIENT_SECRET');
   }
 
-  // Make refresh request
-  const response = await fetch(FITBIT_TOKEN_URL, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/x-www-form-urlencoded',
-      'Authorization': `Basic ${btoa(`${clientId}:${clientSecret}`)}`,
-    },
-    body: new URLSearchParams({
-      grant_type: 'refresh_token',
-      refresh_token: refreshToken,
+  // Retry transient errors up to 3 times with exponential backoff
+  const tokenData = await refreshWithRetry(
+    () => fetchTokenEndpoint(FITBIT_TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Authorization': `Basic ${btoa(`${clientId}:${clientSecret}`)}`,
+      },
+      body: new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+      }),
     }),
-  });
-
-  if (!response.ok) {
-    const errorData = await response.json().catch(() => ({}));
-    throw new Error(`Failed to refresh Fitbit token: ${JSON.stringify(errorData)}`);
-  }
-
-  const tokenData: FitbitTokenResponse = await response.json();
+    { provider: 'fitbit' }
+  ) as unknown as FitbitTokenResponse;
 
   // Calculate new expiry time
   const expiresAt = new Date(Date.now() + tokenData.expires_in * 1000).toISOString();

supabase/functions/_shared/fitbit-client.ts

@@ -119,14 +119,83 @@ describe('oura-client', () => {
       );
     });
 
+    it('retries on 500 and succeeds on 2nd attempt', async () => {
+      let callCount = 0;
+      globalThis.fetch = vi.fn().mockImplementation(() => {
+        callCount++;
+        if (callCount === 1) {
+          return Promise.resolve({
+            ok: false,
+            status: 500,
+            json: () => Promise.resolve({ error: 'internal_server_error' }),
+          });
+        }
+        return Promise.resolve({
+          ok: true,
+          status: 200,
+          json: () => Promise.resolve({
+            access_token: 'recovered-token',
+            refresh_token: 'new-refresh',
+            expires_in: 3600,
+            token_type: 'Bearer',
+            scope: 'personal daily',
+          }),
+        });
+      });
+
+      const updateEqMock = vi.fn().mockResolvedValue({ error: null });
+      const updateMock = vi.fn(() => ({ eq: updateEqMock }));
+      mockSupabaseClient.from = vi.fn(() => ({ update: updateMock }));
+
+      const result = await refreshTokens('user-123', 'old-refresh-token');
+      expect(result.access_token).toBe('recovered-token');
+      expect(callCount).toBeGreaterThanOrEqual(2);
+    });
+
+    it('throws permanent TokenRefreshError on 400 invalid_grant', async () => {
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: false,
+        status: 400,
+        json: () => Promise.resolve({ error: 'invalid_grant' }),
+      });
+
+      try {
+        await refreshTokens('user-123', 'invalid-token');
+        throw new Error('Should have thrown');
+      } catch (err: any) {
+        expect(err.name).toBe('TokenRefreshError');
+        expect(err.permanent).toBe(true);
+      }
+
+      // Should NOT have retried
+      expect(globalThis.fetch).toHaveBeenCalledTimes(1);
+    });
+
+    it('throws transient TokenRefreshError after exhausting retries on 500', async () => {
+      globalThis.fetch = vi.fn().mockResolvedValue({
+        ok: false,
+        status: 500,
+        json: () => Promise.resolve({ error: 'server_error' }),
+      });
+
+      try {
+        await refreshTokens('user-123', 'refresh-token');
+        throw new Error('Should have thrown');
+      } catch (err: any) {
+        expect(err.name).toBe('TokenRefreshError');
+        expect(err.permanent).toBe(false);
+      }
+    });
+
     it('throws error when refresh fails', async () => {
       globalThis.fetch = vi.fn().mockResolvedValue({
         ok: false,
+        status: 400,
         json: () => Promise.resolve({ error: 'invalid_grant' }),
       });
 
       await expect(refreshTokens('user-123', 'invalid-token')).rejects.toThrow(
-        'Failed to refresh Oura token'
+        'Token refresh failed'
       );
     });
 

supabase/functions/_shared/oura-client.test.ts

@@ -6,6 +6,8 @@
  */
 
 import { createClient } from './supabaseClient.ts';
+import { refreshWithRetry, fetchTokenEndpoint, TokenRefreshError } from './token-refresh.ts';
+export { TokenRefreshError } from './token-refresh.ts';
 
 // Types
 export interface OuraTokens {
@@ -63,6 +65,9 @@ export async function getFreshTokens(userId: string): Promise<OuraTokens> {
 
 /**
  * Refresh Oura tokens using refresh token
+ * Uses retry with exponential backoff for transient errors (5xx, network).
+ * Throws TokenRefreshError with permanent flag for callers to distinguish
+ * "user needs to re-auth" from "try again next hour".
  */
 export async function refreshTokens(userId: string, refreshToken: string): Promise<OuraTokens> {
   const clientId = Deno.env.get('OURA_CLIENT_ID');
@@ -72,26 +77,22 @@ export async function refreshTokens(userId: string, refreshToken: string): Promi
     throw new Error('Missing OURA_CLIENT_ID or OURA_CLIENT_SECRET');
   }
 
-  // Make refresh request
-  const response = await fetch(OURA_TOKEN_URL, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/x-www-form-urlencoded',
-    },
-    body: new URLSearchParams({
-      grant_type: 'refresh_token',
-      refresh_token: refreshToken,
-      client_id: clientId,
-      client_secret: clientSecret,
+  // Retry transient errors up to 3 times with exponential backoff
+  const tokenData = await refreshWithRetry(
+    () => fetchTokenEndpoint(OURA_TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+        client_id: clientId,
+        client_secret: clientSecret,
+      }),
     }),
-  });
-
-  if (!response.ok) {
-    const errorData = await response.json().catch(() => ({}));
-    throw new Error(`Failed to refresh Oura token: ${JSON.stringify(errorData)}`);
-  }
-
-  const tokenData: OuraTokenResponse = await response.json();
+    { provider: 'oura' }
+  ) as unknown as OuraTokenResponse;
 
   // Calculate new expiry time
   const expiresAt = new Date(Date.now() + tokenData.expires_in * 1000).toISOString();

supabase/functions/_shared/oura-client.ts

@@ -34,15 +34,19 @@ export function mockFetch(...responses: Partial<Response>[]): Stub {
     activeFetchStub = null;
   }
 
-  const mockResponses = responses.map((r) => ({
-    status: r.status || 200,
-    ok: (r.status || 200) >= 200 && (r.status || 200) < 300,
-    statusText: r.statusText || "OK",
-    headers: new Headers(r.headers || {}),
-    json: () => Promise.resolve((r as any).json || {}),
-    text: () => Promise.resolve((r as any).text || ""),
-    ...r,
-  }));
+  const mockResponses = responses.map((r) => {
+    const jsonData = (r as any).json;
+    const textData = (r as any).text;
+    return {
+      ...r,
+      status: r.status || 200,
+      ok: (r.status || 200) >= 200 && (r.status || 200) < 300,
+      statusText: r.statusText || "OK",
+      headers: new Headers(r.headers || {}),
+      json: () => Promise.resolve(jsonData || {}),
+      text: () => Promise.resolve(textData || ""),
+    };
+  });
 
   let callIndex = 0;