Auth Retry Release

CHANGELOG.md

@@ -4,6 +4,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## Unreleased
 - Replaced the deprecated `AsyncTask`-based push notification handling with `WorkManager` for improved reliability and compatibility with modern Android versions. No action is required.
+- Fixed lost event tracking and missed API calls with an auto-retry feature for JWT token failures.
 
 ## [3.6.6]
 ### Fixed

iterableapi/src/main/java/com/iterable/iterableapi/ApiEndpointClassification.java

@@ -0,0 +1,27 @@
+package com.iterable.iterableapi;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+class ApiEndpointClassification {
+
+    private static final Set<String> DEFAULT_UNAUTHENTICATED = new HashSet<>(Arrays.asList(
+            IterableConstants.ENDPOINT_DISABLE_DEVICE,
+            IterableConstants.ENDPOINT_GET_REMOTE_CONFIGURATION,
+            IterableConstants.ENDPOINT_MERGE_USER,
+            IterableConstants.ENDPOINT_CRITERIA_LIST,
+            IterableConstants.ENDPOINT_TRACK_UNKNOWN_SESSION,
+            IterableConstants.ENDPOINT_TRACK_CONSENT
+    ));
+
+    private volatile Set<String> unauthenticatedPaths = new HashSet<>(DEFAULT_UNAUTHENTICATED);
+
+    boolean requiresJwt(String path) {
+        return !unauthenticatedPaths.contains(path);
+    }
+
+    void updateFromRemoteConfig(Set<String> paths) {
+        this.unauthenticatedPaths = new HashSet<>(paths);
+    }
+}

iterableapi/src/main/java/com/iterable/iterableapi/IterableApi.java

@@ -43,10 +43,12 @@ public class IterableApi {
     private IterableNotificationData _notificationData;
     private String _deviceId;
     private boolean _firstForegroundHandled;
+    private boolean _autoRetryOnJwtFailure;
     private IterableHelper.SuccessHandler _setUserSuccessCallbackHandler;
     private IterableHelper.FailureHandler _setUserFailureCallbackHandler;
 
     IterableApiClient apiClient = new IterableApiClient(new IterableApiAuthProvider());
+    final ApiEndpointClassification apiEndpointClassification = new ApiEndpointClassification();
     private static final UnknownUserMerge unknownUserMerge = new UnknownUserMerge();
     private @Nullable UnknownUserManager unknownUserManager;
     private @Nullable IterableInAppManager inAppManager;
@@ -104,6 +106,14 @@ public void execute(@Nullable String data) {
                     SharedPreferences sharedPref = sharedInstance.getMainActivityContext().getSharedPreferences(IterableConstants.SHARED_PREFS_SAVED_CONFIGURATION, Context.MODE_PRIVATE);
                     SharedPreferences.Editor editor = sharedPref.edit();
                     editor.putBoolean(IterableConstants.SHARED_PREFS_OFFLINE_MODE_KEY, offlineConfiguration);
+
+                    // Parse autoRetry flag from remote config.
+                    if (jsonData.has(IterableConstants.KEY_AUTO_RETRY)) {
+                        boolean autoRetryRemote = jsonData.getBoolean(IterableConstants.KEY_AUTO_RETRY);
+                        editor.putBoolean(IterableConstants.SHARED_PREFS_AUTO_RETRY_KEY, autoRetryRemote);
+                        _autoRetryOnJwtFailure = autoRetryRemote;
+                    }
+
                     editor.apply();
                 } catch (JSONException e) {
                     IterableLogger.e(TAG, "Failed to read remote configuration");
@@ -194,6 +204,15 @@ static void loadLastSavedConfiguration(Context context) {
         SharedPreferences sharedPref = context.getSharedPreferences(IterableConstants.SHARED_PREFS_SAVED_CONFIGURATION, Context.MODE_PRIVATE);
         boolean offlineMode = sharedPref.getBoolean(IterableConstants.SHARED_PREFS_OFFLINE_MODE_KEY, false);
         sharedInstance.apiClient.setOfflineProcessingEnabled(offlineMode);
+
+        sharedInstance._autoRetryOnJwtFailure = sharedPref.getBoolean(IterableConstants.SHARED_PREFS_AUTO_RETRY_KEY, false);
+    }
+
+    /**
+     * Returns whether auto-retry on JWT failure is enabled, as determined by remote configuration.
+     */
+    boolean isAutoRetryOnJwtFailure() {
+        return _autoRetryOnJwtFailure;
     }
 
     /**

iterableapi/src/main/java/com/iterable/iterableapi/IterableApiClient.java

@@ -52,17 +52,20 @@ private RequestProcessor getRequestProcessor() {
     }
 
     void setOfflineProcessingEnabled(boolean offlineMode) {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
-            if (offlineMode) {
-                if (this.requestProcessor == null || this.requestProcessor.getClass() != OfflineRequestProcessor.class) {
-                    this.requestProcessor = new OfflineRequestProcessor(authProvider.getContext());
-                }
-            } else {
-                if (this.requestProcessor == null || this.requestProcessor.getClass() != OnlineRequestProcessor.class) {
-                    this.requestProcessor = new OnlineRequestProcessor();
-                }
-            }
+        if (offlineMode && this.requestProcessor instanceof OfflineRequestProcessor) {
+            return;
         }
+        if (!offlineMode && this.requestProcessor instanceof OnlineRequestProcessor) {
+            return;
+        }
+
+        if (this.requestProcessor instanceof OfflineRequestProcessor) {
+            ((OfflineRequestProcessor) this.requestProcessor).dispose();
+        }
+
+        this.requestProcessor = offlineMode
+                ? new OfflineRequestProcessor(authProvider.getContext())
+                : new OnlineRequestProcessor();
     }
 
     void getRemoteConfiguration(IterableHelper.IterableActionHandler actionHandler) {

iterableapi/src/main/java/com/iterable/iterableapi/IterableAuthManager.java

@@ -9,6 +9,7 @@
 import org.json.JSONObject;
 
 import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
 import java.util.Timer;
 import java.util.TimerTask;
 import java.util.concurrent.ExecutorService;
@@ -18,6 +19,25 @@ public class IterableAuthManager implements IterableActivityMonitor.AppStateCall
     private static final String TAG = "IterableAuth";
     private static final String expirationString = "exp";
 
+    /**
+     * Represents the state of the JWT auth token.
+     * VALID: Last request succeeded with this token.
+     * INVALID: A 401 JWT error was received; processing should pause.
+     * UNKNOWN: A new token was obtained but not yet verified by a request.
+     */
+    enum AuthState {
+        VALID,
+        INVALID,
+        UNKNOWN
+    }
+
+    /**
+     * Listener interface for components that need to react when a new auth token is ready.
+     */
+    interface AuthTokenReadyListener {
+        void onAuthTokenReady();
+    }
+
     private final IterableApi api;
     private final IterableAuthHandler authHandler;
     private final long expiringAuthTokenRefreshPeriod;
@@ -34,6 +54,9 @@ public class IterableAuthManager implements IterableActivityMonitor.AppStateCall
     private volatile boolean isTimerScheduled;
     private volatile boolean isInForeground = true; // Assume foreground initially
 
+    private volatile AuthState authState = AuthState.UNKNOWN;
+    private final ArrayList<AuthTokenReadyListener> authTokenReadyListeners = new ArrayList<>();
+
     private final ExecutorService executor = Executors.newSingleThreadExecutor();
 
     IterableAuthManager(IterableApi api, IterableAuthHandler authHandler, RetryPolicy authRetryPolicy, long expiringAuthTokenRefreshPeriod) {
@@ -45,6 +68,58 @@ public class IterableAuthManager implements IterableActivityMonitor.AppStateCall
         this.activityMonitor.addCallback(this);
     }
 
+    void addAuthTokenReadyListener(AuthTokenReadyListener listener) {
+        authTokenReadyListeners.add(listener);
+    }
+
+    void removeAuthTokenReadyListener(AuthTokenReadyListener listener) {
+        authTokenReadyListeners.remove(listener);
+    }
+
+    /**
+     * Returns true if the auth token is in a state that allows requests to proceed.
+     * Requests can proceed when auth state is VALID or UNKNOWN (newly obtained token).
+     * If no authHandler is configured (JWT not used), this always returns true.
+     */
+    boolean isAuthTokenReady() {
+        if (authHandler == null) {
+            return true;
+        }
+        return authState != AuthState.INVALID;
+    }
+
+    /**
+     * Marks the auth token as invalid. Called when a 401 JWT error is received.
+     */
+    void setAuthTokenInvalid() {
+        setAuthState(AuthState.INVALID);
+    }
+
+    AuthState getAuthState() {
+        return authState;
+    }
+
+    /**
+     * Centralized auth state setter. Notifies AuthTokenReadyListeners only when
+     * transitioning from INVALID to a ready state (UNKNOWN or VALID), which means
+     * a new token has been obtained after a prior auth failure.
+     */
+    private void setAuthState(AuthState newState) {
+        AuthState previousState = this.authState;
+        this.authState = newState;
+
+        if (previousState == AuthState.INVALID && newState != AuthState.INVALID) {
+            notifyAuthTokenReadyListeners();
+        }
+    }
+
+    private void notifyAuthTokenReadyListeners() {
+        ArrayList<AuthTokenReadyListener> listenersCopy = new ArrayList<>(authTokenReadyListeners);
+        for (AuthTokenReadyListener listener : listenersCopy) {
+            listener.onAuthTokenReady();
+        }
+    }
+
     public synchronized void requestNewAuthToken(boolean hasFailedPriorAuth, IterableHelper.SuccessHandler successCallback) {
         requestNewAuthToken(hasFailedPriorAuth, successCallback, true);
     }
@@ -61,6 +136,9 @@ void reset() {
 
     void setIsLastAuthTokenValid(boolean isValid) {
         isLastAuthTokenValid = isValid;
+        if (isValid) {
+            setAuthState(AuthState.VALID);
+        }
     }
 
     void resetRetryCount() {
@@ -132,6 +210,9 @@ public void run() {
 
     private void handleAuthTokenSuccess(String authToken, IterableHelper.SuccessHandler successCallback) {
         if (authToken != null) {
+            // Token obtained but not yet verified by a request - set state to UNKNOWN.
+            // setAuthState will notify listeners only if previous state was INVALID.
+            setAuthState(AuthState.UNKNOWN);
             IterableApi.getInstance().setAuthToken(authToken);
             queueExpirationRefresh(authToken);
 

iterableapi/src/main/java/com/iterable/iterableapi/IterableConstants.java

@@ -56,6 +56,7 @@ public final class IterableConstants {
     public static final String KEY_INBOX_SESSION_ID     = "inboxSessionId";
     public static final String KEY_EMBEDDED_SESSION_ID     = "id";
     public static final String KEY_OFFLINE_MODE         = "offlineMode";
+    public static final String KEY_AUTO_RETRY           = "autoRetry";
     public static final String KEY_FIRETV = "FireTV";
     public static final String KEY_CREATE_NEW_FIELDS    = "createNewFields";
     public static final String KEY_IS_USER_KNOWN = "isUserKnown";
@@ -130,6 +131,7 @@ public final class IterableConstants {
     public static final String SHARED_PREFS_FCM_MIGRATION_DONE_KEY = "itbl_fcm_migration_done";
     public static final String SHARED_PREFS_SAVED_CONFIGURATION = "itbl_saved_configuration";
     public static final String SHARED_PREFS_OFFLINE_MODE_KEY = "itbl_offline_mode";
+    public static final String SHARED_PREFS_AUTO_RETRY_KEY = "itbl_auto_retry";
     public static final String SHARED_PREFS_EVENT_LIST_KEY = "itbl_event_list";
     public static final String SHARED_PREFS_USER_UPDATE_OBJECT_KEY = "itbl_user_update_object";
     public static final String SHARED_PREFS_UNKNOWN_SESSIONS = "itbl_unknown_sessions";

iterableapi/src/main/java/com/iterable/iterableapi/IterablePushNotificationUtil.java

@@ -14,6 +14,10 @@ class IterablePushNotificationUtil {
     private static PendingAction pendingAction = null;
     private static final String TAG = "IterablePushNotificationUtil";
 
+    static void clearPendingAction() {
+        pendingAction = null;
+    }
+
     static boolean processPendingAction(Context context) {
         boolean handled = false;
         if (pendingAction != null) {

iterableapi/src/main/java/com/iterable/iterableapi/IterableRequestTask.java

@@ -18,6 +18,7 @@
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
@@ -153,20 +154,27 @@ static IterableApiResponse executeApiRequest(IterableApiRequest iterableApiReque
                 // Read the response body
                 try {
                     BufferedReader in;
-                    if (responseCode < 400) {
+                    if (responseCode >= 0 && responseCode < 400) {
                         in = new BufferedReader(
                                 new InputStreamReader(urlConnection.getInputStream()));
                     } else {
-                        in = new BufferedReader(
-                                new InputStreamReader(urlConnection.getErrorStream()));
+                        InputStream errorStream = urlConnection.getErrorStream();
+                        if (errorStream != null) {
+                            in = new BufferedReader(
+                                    new InputStreamReader(errorStream));
+                        } else {
+                            in = null;
+                        }
                     }
-                    String inputLine;
-                    StringBuffer response = new StringBuffer();
-                    while ((inputLine = in.readLine()) != null) {
-                        response.append(inputLine);
+                    if (in != null) {
+                        String inputLine;
+                        StringBuffer response = new StringBuffer();
+                        while ((inputLine = in.readLine()) != null) {
+                            response.append(inputLine);
+                        }
+                        in.close();
+                        requestResult = response.toString();
                     }
-                    in.close();
-                    requestResult = response.toString();
                 } catch (IOException e) {
                     logError(iterableApiRequest, baseUrl, e);
                     error = e.getMessage();
@@ -186,13 +194,20 @@ static IterableApiResponse executeApiRequest(IterableApiRequest iterableApiReque
                     jsonError = e.getMessage();
                 }
 
+                // If getResponseCode() returned -1 (e.g. due to network inspector
+                // interference) but the response body contains JWT error codes,
+                // we can infer the actual response was a 401.
+                if (responseCode == -1 && matchesJWTErrorCodes(jsonResponse)) {
+                    responseCode = 401;
+                }
+
                 // Handle HTTP status codes
                 if (responseCode == 401) {
                     if (matchesJWTErrorCodes(jsonResponse)) {
                         apiResponse = IterableApiResponse.failure(responseCode, requestResult, jsonResponse, "JWT Authorization header error");
                         IterableApi.getInstance().getAuthManager().handleAuthFailure(iterableApiRequest.authToken, getMappedErrorCodeForMessage(jsonResponse));
-                        // We handle the JWT Retry for both online and offline here rather than handling online request in onPostExecute
-                        requestNewAuthTokenAndRetry(iterableApiRequest);
+
+                        handleJwtAuthRetry(iterableApiRequest);
                     } else {
                         apiResponse = IterableApiResponse.failure(responseCode, requestResult, jsonResponse, "Invalid API Key");
                     }
@@ -246,6 +261,24 @@ static IterableApiResponse executeApiRequest(IterableApiRequest iterableApiReque
         return apiResponse;
     }
 
+    /**
+     * When autoRetry is enabled and this is an offline task, skip the inline retry.
+     * The task stays in the DB and IterableTaskRunner will retry it once a valid JWT
+     * is obtained via the AuthTokenReadyListener callback.
+     * For online requests or when autoRetry is disabled, use the existing inline retry.
+     */
+    private static void handleJwtAuthRetry(IterableApiRequest iterableApiRequest) {
+        boolean autoRetry = IterableApi.getInstance().isAutoRetryOnJwtFailure();
+        if (autoRetry && iterableApiRequest.getProcessorType() == IterableApiRequest.ProcessorType.OFFLINE) {
+            IterableAuthManager authManager = IterableApi.getInstance().getAuthManager();
+            authManager.setIsLastAuthTokenValid(false);
+            long retryInterval = authManager.getNextRetryInterval();
+            authManager.scheduleAuthTokenRefresh(retryInterval, false, null);
+        } else {
+            requestNewAuthTokenAndRetry(iterableApiRequest);
+        }
+    }
+
     private static String getBaseUrl() {
         IterableConfig config = IterableApi.getInstance().config;
         IterableDataRegion dataRegion = config.dataRegion;
@@ -498,13 +531,27 @@ public JSONObject toJSONObject() throws JSONException {
     }
 
     static IterableApiRequest fromJSON(JSONObject jsonData, @Nullable IterableHelper.SuccessHandler onSuccess, @Nullable IterableHelper.FailureHandler onFailure) {
+        return fromJSON(jsonData, null, onSuccess, onFailure);
+    }
+
+    /**
+     * Deserializes an IterableApiRequest from JSON.
+     * @param authTokenOverride If non-null, uses this token instead of the one stored in JSON.
+     *                          This allows offline tasks to use the latest auth token rather
+     *                          than the stale one captured at queue time.
+     */
+    static IterableApiRequest fromJSON(JSONObject jsonData, @Nullable String authTokenOverride, @Nullable IterableHelper.SuccessHandler onSuccess, @Nullable IterableHelper.FailureHandler onFailure) {
         try {
             String apikey = jsonData.getString("apiKey");
             String resourcePath = jsonData.getString("resourcePath");
             String requestType = jsonData.getString("requestType");
-            String authToken = "";
-            if (jsonData.has("authToken")) {
+            String authToken;
+            if (authTokenOverride != null) {
+                authToken = authTokenOverride;
+            } else if (jsonData.has("authToken")) {
                 authToken = jsonData.getString("authToken");
+            } else {
+                authToken = "";
             }
             JSONObject json = jsonData.getJSONObject("data");
             return new IterableApiRequest(apikey, resourcePath, json, requestType, authToken, onSuccess, onFailure);

iterableapi/src/main/java/com/iterable/iterableapi/IterableTask.java

@@ -58,6 +58,10 @@ class IterableTask {
         this.taskType = taskType;
     }
 
+    boolean requiresJwt(ApiEndpointClassification classification) {
+        return classification.requiresJwt(this.name);
+    }
+
 }
 
 enum IterableTaskType {