ibm-bluemix-mobile-services / bms-clientsdk-cordova-plugin-core

Apache License 2.0

MFPRequest send is not working after period of inactivity in Cordova apps for Android #28

Open BavConsulting opened 7 years ago

BavConsulting commented 7 years ago

We are using Google authentication for Cordova app for Android.

When the app is accessed after some period of inactivity (after 1-2 hours), it fails with the 'INVALID_TOKEN_ERROR]: The token has been expired' error and returns 401 to Mobile Client Access, but it doesn't get a new access token from the Google service and doesn't replay the message, leading to an application hang.

It works fine when the app is removed from the list of running apps and restarted.

BavConsulting commented 7 years ago

Upgraded to the latest version of BMSCore and BMSPush. However, the issue remains. It looks like Mobile Client Access is not able to use the refresh token to generate a new access token and replay the message. We tried initializing BMSClient before invoking BMSRequest; however, it still fails with INVALID_TOKEN_ERROR.

Aerex commented 7 years ago

Do you get the same issue with Facebook authentication? Does the error occur in native apps or only Cordova apps?

EDIT: Could you try to send a request explicitly to get a new token instead of generating the new access token?

BavConsulting commented 7 years ago

We are using only Google authentication in the Cordova app. When the app is launched for the first time, BMSClient is initialized and we can send requests using BMSRequest.send, and all subsequent requests work well if the app is in continuous use.

The issue shows up when you keep the app running but not in use for some time (~1 to 2 hours). If you now try to send a request, it does not work. It does not even call the failure callback.

Backend log shows it returns 401 error for mobile client access with INVALID_TOKEN_ERROR and nothing after.

Could you please elaborate on sending an explicit request? Are you suggesting that we should send the request with the full URL instead of a relative path? We will try this anyway.

Thanks for replying on this issue.

Aerex commented 7 years ago

Yes, but you can also try resetting the token by calling the following method in Android: clearAuthorizationData() or logout. The expected behavior is that there should be a popup telling you to log in. If this doesn't happen in either hybrid or native, then there may be a bug.

BavConsulting commented 7 years ago

If you clear authorization data, it will prompt you to log in, as occurs when you clear data and cache for an app in the settings menu. However, we have no visibility into when to call clearAuthorizationData. We certainly don't want to call clearAuthorizationData before every send request.

I believe Mobile Client Access (MCA) should detect a stale access token, prompt for user login and replay the message. It would be even better if MCA would use the refresh token and work with the Google APIs to generate a new access token and replay the message without asking the user to log on.

vitalymibm commented 7 years ago

MCA does detect expired access tokens. To debug the issue, put a breakpoint in Request.java at line 200. In the scenario that you describe, this code should be executed:

    boolean isAuthorizationRequired = authorizationManager.isAuthorizationRequired(responseCode, responseHeaders);

    if (isAuthorizationRequired) {
        if (oauthFailCounter++ < 2) {
            authorizationManager.obtainAuthorization(

If it doesn't get into the second "if", then there is a problem with the server response in the case of an expired token, and you should find out why isAuthorizationRequired returns false or the fail counter is >= 2.
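
The retry path in the excerpt above, modelled as an added JavaScript example (not the plugin's or SDK's own code) to show the three outcomes worth checking at that breakpoint: a successful replay, a 401 without a challenge, and exhausted retries. The header test inside `isAuthorizationRequired`, and the helpers `sendWithReauth`, `makeBackend` and `runScenario`, are assumptions made for illustration.

```javascript
// Added illustration, not SDK code: a callback-style model of the retry logic
// in the Request.java excerpt. Names mirror the excerpt; bodies are assumptions.
const MAX_OAUTH_FAILURES = 2; // same bound as `oauthFailCounter++ < 2`

// Assumption: a re-auth challenge is a 401/403 with a Bearer WWW-Authenticate header.
function isAuthorizationRequired(status, headers) {
  const challenge = (headers && headers['www-authenticate']) || '';
  return (status === 401 || status === 403) && /bearer/i.test(challenge);
}

// transport(token, cb) delivers {status, headers}; obtainAuthorization(cb) delivers
// (err, newToken). Exactly one of onSuccess/onFailure is called on every path.
function sendWithReauth(transport, obtainAuthorization, token, onSuccess, onFailure) {
  let oauthFailCounter = 0;
  const attempt = (currentToken) => transport(currentToken, (res) => {
    if (!isAuthorizationRequired(res.status, res.headers)) {
      // Success, or an error that re-authorization cannot fix: settle now.
      return res.status < 400 ? onSuccess(res) : onFailure('HTTP ' + res.status, res);
    }
    if (oauthFailCounter++ >= MAX_OAUTH_FAILURES) {
      return onFailure('authorization retries exhausted', res);
    }
    obtainAuthorization((err, newToken) =>
      err ? onFailure('re-authorization failed: ' + err, res) : attempt(newToken));
  });
  attempt(token);
}

// Constructed backends (hypothetical): each records the tokens it was sent.
function makeBackend(respond) {
  const seen = [];
  const transport = (token, cb) => { seen.push(token); cb(respond(token)); };
  return { seen, transport };
}
const BEARER = { 'www-authenticate': 'Bearer error="invalid_token"' };
const expiring = (t) => (t === 'fresh' ? { status: 200, headers: {} } : { status: 401, headers: BEARER });
const noChallenge = () => ({ status: 401, headers: {} });       // 401 without a challenge
const alwaysExpired = () => ({ status: 401, headers: BEARER }); // refresh never helps

// Runs one scenario and reports which callback fired and how many sends occurred.
function runScenario(respond) {
  const backend = makeBackend(respond);
  const outcome = { success: 0, failure: 0, reason: null };
  sendWithReauth(backend.transport, (cb) => cb(null, 'fresh'), 'stale',
    () => { outcome.success++; },
    (reason) => { outcome.failure++; outcome.reason = reason; });
  return { ...outcome, sends: backend.seen.length };
}
```

In this model a 401 that lacks the challenge header goes straight to the failure callback instead of leaving the caller waiting.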

BavConsulting commented 7 years ago

I couldn't find Request.java in the Cordova app that is imported into Android Studio.

It looks like a defect to me. We are not doing anything different when it works for some time. It breaks inside this plugin for expired tokens, as you suggested. The server responds with 401 as the request is not authorized.

BavConsulting commented 7 years ago

We had to switch from Google Authentication to Custom Authentication due to this defect. I hope someone acknowledges this issue and fixes it.

Aerex commented 7 years ago

What are you using as the filter to protect your resource: TAI or NodeJS?

BavConsulting commented 7 years ago

It is NodeJS.