adobe / acc-js-sdk

A JavaScript SDK for Adobe Campaign Classic
Apache License 2.0

Client expiration handling issue: 401 Unauthorized errors wrapped as 500 Internal Server Error #108

Open 4reha opened 2 weeks ago

4reha commented 2 weeks ago

Expected Behaviour

According to the documentation, the refreshClient function should be called when the ACC session expires due to token expiration. This allows the client to refresh the token and retry the failed SOAP call.

Actual Behaviour

When the token expires, the refresh callback is never called, and the SDK returns a 500 Internal Server Error with the following error message:

CampaignException {
name: 'CampaignException',
message: "500 - Error SOAP-ENV:Client calling method 'xtk:persist#GetEntityIfMoreRecent': SOP-330007 Error while reading parameters of method 'GetEntityIfMoreRecent' of service 'xtk:persist'. XSV-350114 Unknown error during '/ims/profile/v1' IMS call, HTTP response code is 401",
statusCode: 500,
// ... (rest of the error object)
}

The error message indicates that the underlying issue is a 401 Unauthorized error, but it's being wrapped as a 500 Internal Server Error. As a result, the SDK's condition ex.statusCode == 401 is not met, and the refreshClient function is never called.

// Call session expiration callback in case of 401
if (ex.statusCode == 401 && that._refreshClient && soapCall.retry) {
    return this._retrySoapCall(soapCall);
} else
    return Promise.reject(ex);

Reproduce Scenario (including but not limited to)

Steps to Reproduce

  1. Initialize the SDK with a refreshClient function, similar to the following:
const connectionParameters = sdk.ConnectionParameters.ofImsBearerToken(
  "https://myInstance.campaign.adobe.com",
  "ims_bearer_token",
  {
    timeout: 10000,
    refreshClient: async (client) => {
      // Token refresh logic here
      return client;
    }
  }
);
  2. Perform a SOAP call that requires an active token.
  3. Wait 24hrs for the token to expire. (Or you can simply try with an invalid one, to see if the refresh callback will be called once.)
  4. Observe the 500 Internal Server Error with the error message indicating a 401 Unauthorized error.

Platform and Version

mkiki commented 2 weeks ago

Hello, thanks for the detailed bug report, this is indeed an issue when using IMS authentication: the HTTP 401 error is hidden inside the error message and therefore not correctly handled by the SDK. I'll provide a fix shortly.
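
An added example, not part of the thread and not the SDK's code or its fix: a caller-side wrapper that treats the wrapped error from the report as an authentication failure, refreshes once and retries once. The names `isWrappedAuthFailure`, `callWithRefresh` and `demo` are assumptions, and the match depends on the server's message wording (`XSV-350114` plus the 401 text), so it is kept deliberately narrow.

```javascript
// Added example, not SDK code. isWrappedAuthFailure, callWithRefresh and demo
// are hypothetical names.

// Narrow match: error XSV-350114 for an IMS call that returned HTTP 401.
const WRAPPED_IMS_401 = /XSV-350114 .*IMS call, HTTP response code is 401\b/;

function isWrappedAuthFailure(ex) {
  if (!ex || typeof ex !== "object") return false;
  if (ex.statusCode === 401) return true; // the case the SDK check already covers
  return ex.statusCode === 500 &&
    typeof ex.message === "string" &&
    WRAPPED_IMS_401.test(ex.message);
}

// Runs fn(client). On a plain or wrapped 401 it calls refreshClient once and
// retries once; any other error, or a second failure, is rejected unchanged,
// so a token that stays invalid cannot cause a retry loop.
async function callWithRefresh(client, refreshClient, fn) {
  try {
    return await fn(client);
  } catch (ex) {
    if (!isWrappedAuthFailure(ex) || typeof refreshClient !== "function") throw ex;
    return fn(await refreshClient(client));
  }
}

// Error shape copied from the report above (other fields omitted).
const sampleWrapped = {
  name: "CampaignException",
  statusCode: 500,
  message: "500 - Error SOAP-ENV:Client calling method 'xtk:persist#GetEntityIfMoreRecent': " +
    "SOP-330007 Error while reading parameters of method 'GetEntityIfMoreRecent' of service " +
    "'xtk:persist'. XSV-350114 Unknown error during '/ims/profile/v1' IMS call, " +
    "HTTP response code is 401",
};

// Constructed stand-in for a client: the call fails until the token is refreshed.
async function demo() {
  let refreshCalls = 0;
  const refreshClient = async (client) => { refreshCalls++; return { ...client, token: "fresh" }; };
  const soapCall = async (client) => {
    if (client.token !== "fresh") throw sampleWrapped;
    return "ok";
  };
  const result = await callWithRefresh({ token: "expired" }, refreshClient, soapCall);
  return { result, refreshCalls };
}
```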