ryer.io

Debugging Token Management in the ILiv Project

TL;DR

  • Implemented retry mechanism for API token retrieval to handle transient failures.
  • Utilized singleton pattern to manage token refresh promises, ensuring only one refresh process runs concurrently.
  • Explored Auth0’s getCredentials; confirmed it handles automatic token renewal, impacting refresh logic.
  • Debugged issues with backend connections; observed platform differences in error handling.

Back at troubleshooting the ILiv project, today’s focus was on managing our token effectively, particularly around the refresh process. I’ve integrated a retry strategy for getting the access token. The operation retries up to three times with a 500ms delay in between attempts. This change aims to tackle transient connectivity issues without overwhelming Auth0 with requests.

Token Manager: Singleton and Cooldown

I added a new TokenManager class and made it a singleton so that only a single promise manages the credentials refresh. This was critical to prevent multiple refreshes happening simultaneously, which could corrupt state and exceed Auth0’s rate limits. The method checks for an ongoing promise and returns it if one exists, avoiding unnecessary new requests.

Moreover, to prevent excessive hits to Auth0, I implemented a cooldown period of 1000ms before a token refresh can be initiated. If a promise doesn’t exist and this cooldown has passed, the system will then proceed to attempt a refresh.
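The retry, single-promise and cooldown behaviour described above, as an added sketch that is not the ILiv project's code. Only getOrRefreshCredentials and the three numbers come from the post; fetchCredentials is a hypothetical stand-in for the Auth0 call, and serving the cached value during the cooldown is an assumption.

```javascript
// Added example. Only getOrRefreshCredentials and the three numbers come from the post.
const RETRIES = 3;          // attempts per refresh
const RETRY_DELAY_MS = 500; // pause between attempts
const COOLDOWN_MS = 1000;   // minimum gap between refreshes
const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
let instance = null;

class TokenManager {
  // fetchCredentials is a hypothetical stand-in for the Auth0 SDK call.
  // now and sleep are injectable so the timing can be tested without waiting.
  constructor(fetchCredentials, { now = Date.now, sleep = realSleep } = {}) {
    this.fetchCredentials = fetchCredentials;
    this.now = now;
    this.sleep = sleep;
    this.inFlight = null;           // the one shared refresh promise
    this.cached = null;             // last credentials; never log these
    this.lastRefreshAt = -Infinity; // time of the last successful refresh
  }

  static getInstance(fetchCredentials, options) {
    if (!instance) instance = new TokenManager(fetchCredentials, options);
    return instance;
  }

  getOrRefreshCredentials() {
    if (this.inFlight) return this.inFlight; // join the refresh already running
    if (this.now() - this.lastRefreshAt < COOLDOWN_MS) {
      return Promise.resolve(this.cached);   // assumption: serve cached value in cooldown
    }
    this.inFlight = this.refreshWithRetry().finally(() => {
      this.inFlight = null;                  // clear on success and on failure
    });
    return this.inFlight;
  }

  async refreshWithRetry() {
    let lastError;
    for (let attempt = 1; attempt <= RETRIES; attempt++) {
      try {
        this.cached = await this.fetchCredentials();
        this.lastRefreshAt = this.now();
        return this.cached;
      } catch (err) {
        lastError = err;
        if (attempt < RETRIES) await this.sleep(RETRY_DELAY_MS);
      }
    }
    throw lastError; // propagate so the UI can show a connectivity error
  }
}
```

Because the in-flight promise is cleared in finally, a refresh that fails all three attempts does not leave later callers attached to a rejected promise.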

Refreshing Tokens with Proper Sync

Initial refresh calls in my auth context use the getOrRefreshCredentials method, which handles the asynchronous work with promises. This includes checking whether a refresh promise already exists, to avoid redundant calls. While rebuilding, the process gets slower, clearly indicating that app recompilation needs optimization.

iOS vs Android Error Handling

While testing, I noticed discrepancies in handling backend issues between iOS and Android devices. iOS devices fell into a perpetual loading state when pointed to an incorrect backend. Meanwhile, Android devices managed to land on the onboarding screen but displayed translation keys instead of actual text. Neither platform effectively displayed connectivity errors via snack bars as intended, indicating a flaw in error propagation.

Auth0’s getCredentials Method Deep Dive

Later, I researched Auth0’s getCredentials method to clarify its internal workings. The documentation confirmed that it automatically handles token renewal using stored refresh tokens, ensuring valid credentials are maintained. Understanding this was pivotal as it influences how my refresh logic interacts with stored credentials.

Rebuilding and Further Plans

As I rebuild the application and align base URLs with the running Metro instance, the persisting issues require attentive debugging. The next step seems to be enhancing the internal token handling logic to anticipate edge cases, while experimenting with Auth0’s token rotation features for more robust management.

This iterative refinement and understanding of our token management process is required to move the ILiv project toward a more stable release, especially in managing cross-platform differences effectively.