FR-22335

Session updates for refresh token lifetime
Added ability to disable token refreshing in SDK-side

Author: dianaKhortiuk-frontegg

android/src/main/java/com/frontegg/android/FronteggApp.kt

@@ -68,6 +68,7 @@ val Context.fronteggApp: FronteggApp
                 mainActivityClass = mainClassActivityClass,
                 deepLinkScheme = constants.deepLinkScheme,
                 useDiskCacheWebview = constants.useDiskCacheWebview,
+                disableAutoRefresh = constants.disableAutoRefresh,
             )
         }
 
@@ -119,6 +120,7 @@ interface FronteggApp {
          * @param useChromeCustomTabs Whether the Frontegg SDK should use Chrome Custom Tabs (default: `false`).
          * @param mainActivityClass The Activity to navigate to after authorization (default: `null`).
          * @param useDiskCacheWebview Whether the Frontegg SDK should use disk cache for WebView (default: `false`).
+         * @param disableAutoRefresh Whether to disable automatic token refresh (default: `false`).
          */
         @VisibleForTesting
         internal fun init(
@@ -131,6 +133,7 @@ interface FronteggApp {
             mainActivityClass: Class<*>? = null,
             deepLinkScheme: String? = null,
             useDiskCacheWebview: Boolean = false,
+            disableAutoRefresh: Boolean = false,
         ) {
             val baseUrl: String = if (fronteggDomain.startsWith("https")) {
                 fronteggDomain
@@ -150,7 +153,8 @@ interface FronteggApp {
                 useAssetsLinks = useAssetsLinks,
                 useChromeCustomTabs = useChromeCustomTabs,
                 mainActivityClass = mainActivityClass,
-                useDiskCacheWebview = useDiskCacheWebview
+                useDiskCacheWebview = useDiskCacheWebview,
+                disableAutoRefresh = disableAutoRefresh
             )
             runDebugChecksSafe(context, fronteggDomain, clientId)
         }
@@ -164,6 +168,7 @@ interface FronteggApp {
          * @param useChromeCustomTabs Whether the Frontegg SDK should use Chrome Custom Tabs (default: `false`).
          * @param mainActivityClass The Activity to navigate to after authorization (default: `null`).
          * @param useDiskCacheWebview Whether the Frontegg SDK should use disk cache for WebView (default: `false`).
+         * @param disableAutoRefresh Whether to disable automatic token refresh (default: `false`).
          */
         fun initWithRegions(
             regions: List<RegionConfig>,
@@ -172,6 +177,7 @@ interface FronteggApp {
             useChromeCustomTabs: Boolean = false,
             mainActivityClass: Class<*>? = null,
             useDiskCacheWebview: Boolean = false,
+            disableAutoRefresh: Boolean = false,
         ): FronteggApp {
 
             val isEmbeddedMode = context.isActivityEnabled(EmbeddedAuthActivity::class.java.name)
@@ -191,7 +197,8 @@ interface FronteggApp {
                         useAssetsLinks = useAssetsLinks,
                         useChromeCustomTabs = useChromeCustomTabs,
                         mainActivityClass = mainActivityClass,
-                        useDiskCacheWebview = useDiskCacheWebview
+                        useDiskCacheWebview = useDiskCacheWebview,
+                        disableAutoRefresh = disableAutoRefresh
                     )
                     instance = newInstance
 
@@ -210,7 +217,8 @@ interface FronteggApp {
                 useAssetsLinks = useAssetsLinks,
                 useChromeCustomTabs = useChromeCustomTabs,
                 mainActivityClass = mainActivityClass,
-                useDiskCacheWebview = useDiskCacheWebview
+                useDiskCacheWebview = useDiskCacheWebview,
+                disableAutoRefresh = disableAutoRefresh
             )
             instance = newInstance
             // Persist parameters to allow retry when network becomes available

android/src/main/java/com/frontegg/android/FronteggAuth.kt

@@ -114,6 +114,11 @@ interface FronteggAuth {
      */
     fun refreshTokenIfNeeded(): Boolean
 
+    /**
+     * Process queued requests when network becomes available.
+     */
+    fun processQueuedRequests()
+
     /**
      * Login with passkeys
      * @param activity is the activity of application;

android/src/main/java/com/frontegg/android/models/FronteggConstants.kt

@@ -9,6 +9,7 @@ data class FronteggConstants(
     val deepLinkScheme: String?,
     val useDiskCacheWebview: Boolean,
     val mainActivityClass: String?,
+    val disableAutoRefresh: Boolean,
 ) {
     fun toMap(): Map<String, Any?> {
         return mapOf(
@@ -20,6 +21,7 @@ data class FronteggConstants(
             Pair("deepLinkScheme", deepLinkScheme),
             Pair("useDiskCacheWebview", useDiskCacheWebview),
             Pair("mainActivityClass", mainActivityClass),
+            Pair("disableAutoRefresh", disableAutoRefresh),
         )
     }
 }

android/src/main/java/com/frontegg/android/services/Api.kt

@@ -48,6 +48,11 @@ open class Api(
             if (!fromSelected.isNullOrBlank()) return fromSelected
             return storage.regions.firstOrNull()?.baseUrl ?: ""
         }
+
+    /**
+     * Get the base URL for network probing
+     */
+    fun getServerUrl(): String = baseUrl
     private val clientId: String
         get() {
             val direct = storage.clientId
@@ -173,12 +178,37 @@ open class Api(
         return this.httpClient.newCall(request)
     }
 
+    private fun buildGetRequestWithTimeout(path: String, timeoutMs: Long): Call {
+        val url = if (path.startsWith("http")) {
+            path.toHttpUrl()
+        } else {
+            "$baseUrl/$path".toHttpUrl()
+        }
+        val requestBuilder = Request.Builder()
+        val headers = prepareHeaders()
+
+        requestBuilder.method("GET", null)
+        requestBuilder.headers(headers)
+        requestBuilder.url(url)
+
+        val request = requestBuilder.build()
+        
+        // Create client with increased timeout
+        val clientWithTimeout = httpClient.newBuilder()
+            .connectTimeout(timeoutMs, java.util.concurrent.TimeUnit.MILLISECONDS)
+            .readTimeout(timeoutMs, java.util.concurrent.TimeUnit.MILLISECONDS)
+            .writeTimeout(timeoutMs, java.util.concurrent.TimeUnit.MILLISECONDS)
+            .build()
+            
+        return clientWithTimeout.newCall(request)
+    }
+
 
     @Throws(IllegalArgumentException::class, IOException::class)
     fun me(): User? {
-        val meCall = buildGetRequest(ApiConstants.me)
+        val meCall = buildGetRequestWithTimeout(ApiConstants.me, 120000)
         val meResponse = meCall.execute()
-        val tenantsCall = buildGetRequest(ApiConstants.tenants)
+        val tenantsCall = buildGetRequestWithTimeout(ApiConstants.tenants, 120000)
         val tenantsResponse = tenantsCall.execute()
 
         if (meResponse.isSuccessful && tenantsResponse.isSuccessful) {
@@ -189,32 +219,42 @@ open class Api(
             val meJsonStr = meResponse.body!!.string()
             val tenantsJsonStr = tenantsResponse.body!!.string()
 
+            Log.d(TAG, "api.me() successful - me length: ${meJsonStr.length}, tenants length: ${tenantsJsonStr.length}")
+
             val meJson: MutableMap<String, Any> = gson.fromJson(meJsonStr, mapType)
             val tenantsJson: MutableMap<String, Any> = gson.fromJson(tenantsJsonStr, mapType)
 
             meJson["tenants"] = tenantsJson["tenants"] as Any
             meJson["activeTenant"] = tenantsJson["activeTenant"] as Any
 
             val merged = Gson().toJson(meJson)
-            return Gson().fromJson(merged, User::class.java)
+            val user = Gson().fromJson(merged, User::class.java)
+            Log.d(TAG, "api.me() returning user: ${user != null}")
+            return user
+        } else {
+            Log.w(TAG, "api.me() failed - me: ${meResponse.code} ${meResponse.message}, tenants: ${tenantsResponse.code} ${tenantsResponse.message}")
         }
 
         return null
     }
 
     @Throws(IllegalArgumentException::class, IOException::class, FailedToAuthenticateException::class)
     fun refreshToken(refreshToken: String): AuthResponse {
+        Log.d(TAG, "Starting refresh token request")
         val body = JsonObject()
         body.addProperty("grant_type", "refresh_token")
         body.addProperty("refresh_token", refreshToken)
 
-        // Use shorter timeout like Swift version (5 seconds)
-        val call = buildPostRequestWithTimeout(ApiConstants.refreshToken, body, 5000)
+        // Use reasonable timeout for refresh token (30 seconds)
+        val call = buildPostRequestWithTimeout(ApiConstants.refreshToken, body, 30000)
 
+        Log.d(TAG, "Executing refresh token request...")
         val response = call.execute()
+        Log.d(TAG, "Refresh token response received: code=${response.code}")
 
         if (response.isSuccessful) {
             val responseBody = response.body!!.string()
+            Log.d(TAG, "Refresh token successful, parsing response")
             return Gson().fromJson(responseBody, AuthResponse::class.java)
         }
 

android/src/main/java/com/frontegg/android/services/FronteggAppService.kt

@@ -26,7 +26,8 @@ class FronteggAppService(
     private var useChromeCustomTabs: Boolean = false,
     private var mainActivityClass: Class<*>? = null,
     private var deepLinkScheme: String? = null,
-    private var useDiskCacheWebview: Boolean = false
+    private var useDiskCacheWebview: Boolean = false,
+    private var disableAutoRefresh: Boolean = false
 ) : FronteggApp {
 
     private val storage = StorageProvider.getInnerStorage()
@@ -43,7 +44,8 @@ class FronteggAppService(
             FronteggAuthService(
                 credentialManager,
                 appLifecycle,
-                refreshTokenManager
+                refreshTokenManager,
+                disableAutoRefresh = disableAutoRefresh
             )
     }