Use injected authenticationService consistently in EcosiaAuthUIStateProvider#1050
Merged
d4r1091 merged 2 commits intodc-mob-4187-proactively-refresh-credentialsfrom Feb 20, 2026
Merged
Conversation
2 tasks
…onService in handleUserProfileUpdate Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Update implementation based on feedback for token refresh
Use injected Feb 20, 2026
authenticationService consistently in EcosiaAuthUIStateProvider
d4r1091
approved these changes
Feb 20, 2026
d4r1091
added a commit
that referenced
this pull request
Feb 22, 2026
…teProvider` (#1050) * Initial plan * Replace EcosiaAuthenticationService.shared with injected authenticationService in handleUserProfileUpdate Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com>
d4r1091
added a commit
that referenced
this pull request
Feb 23, 2026
…1047) * [MOB-4187] Implement proactive token refresh to prevent 401 errors Previously, the app would wait for 401 responses before refreshing expired tokens, causing excessive authentication errors and poor user experience. This change implements a proactive approach where tokens are automatically refreshed before API calls, leveraging Auth0's CredentialsManager which handles token expiry detection and refresh seamlessly. Changes: - Add getFreshAccessToken() method to EcosiaAuthenticationService that retrieves fresh tokens from Auth0 - Update EcosiaAuthUIStateProvider to use fresh tokens for API calls - Simplify AccountsService by removing reactive 401 retry logic - Add new error cases to AuthError enum for better error handling - Add comprehensive tests for the new token refresh behavior - Update AccountsServiceTests to reflect that 401s now indicate genuine auth failures This approach eliminates unnecessary 401 errors and provides a more reliable authentication experience. Co-authored-by: Cursor <cursoragent@cursor.com> * Update firefox-ios/Ecosia/Account/Auth/EcosiaAuthenticationService.swift Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update firefox-ios/EcosiaTests/Core/Accounts/AccountsServiceTests.swift Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Use injected `authenticationService` consistently in `EcosiaAuthUIStateProvider` (#1050) * Initial plan * Replace EcosiaAuthenticationService.shared with injected authenticationService in handleUserProfileUpdate Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> * Inline `performVisitRequest` into `registerVisit` in `AccountsService` (#1053) * Initial plan * Remove performVisitRequest and inline body into registerVisit Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> * Clarify `CredentialsManager.credentials()` is behind `retrieveCredentials` protocol (#1054) * Initial plan * Clarify retrieveCredentials protocol wraps CredentialsManager.credentials() in doc comment Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> * Fix `getFreshAccessToken`: validate token before updating state; only dispatch auth events on actual transitions (#1052) * Initial plan * Fix getFreshAccessToken: validate token before updating state; only dispatch on state transitions Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> * Fix testGetFreshAccessToken_withExpiredToken_refreshesAutomatically to actually simulate expiry and refresh (#1051) * Initial plan * Adjust mock/setup for expired token refresh test Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com> * [MOB-4187] Swiftlint fix * [MOB-4187] Exclude Tuist files from Swiftlint * [MOB-4187] Review credentials flow with `minTTL` * [MOB-4187] Add `retrieveCredentialsCallCount` * [MOB-4187] Restore doc --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: d4r1091 <3584008+d4r1091@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
handleUserProfileUpdate()was bypassing the injectedauthenticationServicedependency by reading directly fromEcosiaAuthenticationService.shared, making the DI initializer ineffective in tests and risking state desync when a non-shared instance is passed.Changes
EcosiaAuthUIStateProvider.swift: ReplaceEcosiaAuthenticationService.sharedreads inhandleUserProfileUpdate()with the injectedauthenticationServicepropertyAll code paths in this class now route through the single injected dependency.
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.