Skip to content

fix: persist refreshed viya tokens in deploy flow to avoid stale-toke…#1450

Merged
allanbowe merged 3 commits into
mainfrom
issue-1447
Jul 2, 2026
Merged

fix: persist refreshed viya tokens in deploy flow to avoid stale-toke…#1450
allanbowe merged 3 commits into
mainfrom
issue-1447

Conversation

@YuryShkoda

@YuryShkoda YuryShkoda commented Jul 1, 2026

Copy link
Copy Markdown
Member

Issue

Closes #1447

Summary

  • sasjs deploy -t viya failed with a misleading "please add CLIENT, SECRET, ACCESS_TOKEN, REFRESH_TOKEN" error even when those variables were already present and the refresh token was still valid.
  • Root cause: the deploy flow called getAccessToken(), which refreshes the access token but never persists the new (rotated) refresh token back to .env.{target}/~/.sasjsrc. SAS Viya rotates refresh tokens on every use, so the stale value left on disk gets rejected on the next run.
  • Fixed by switching to getAuthConfig() (used by every other command), which persists the refreshed pair via saveTokens(). The real error from a failed refresh is now surfaced instead of a generic hardcoded message.

Implementation

  • deployToSasViyaWithServicePack.ts: use getAuthConfig(); propagate the real auth error.
  • cbd.spec.server.viya.ts: updated existing test's mock/expectation to match.
  • New deployToSasViyaWithServicePack.spec.ts: unit tests for persistence and error propagation (written first, confirmed failing against the old code).
  • Doc comments added to getAuthConfig, getAccessToken, saveTokens, refreshTokens explaining the persistence requirement and Viya's refresh-token rotation.
  • memory/ai/diagrams/auth-token-refresh.md: mermaid reference diagram of the current auth/token logic.

Checks

  • Code is formatted correctly (npm run lint:fix).
  • Any new functionality has been unit tested.
  • All unit tests are passing (npm test).
  • Unit tests coverage has been increased and a new threshold is set.
  • All CI checks are green.
  • Development comments have been added or updated.
  • Development documentation coverage has been increased and a new threshold is set.
  • Reviewer is assigned.

Reviewer checks

  • Any new code is documented.

…n failures

deployToSasViyaWithServicePack used the non-persisting getAccessToken()
instead of getAuthConfig(), so a refreshed access/refresh token pair was
never written back to disk. Since SAS Viya issues single-use, rotating
refresh tokens, this caused deploys to fail once the token had been
refreshed anywhere, even though the user's .env already had valid
credentials. The real underlying error was also swallowed and replaced
with a generic "add these variables" message, making it undiagnosable.

Switches the deploy flow to getAuthConfig() (which persists via
saveTokens), forwards the real error message instead of the generic
one, and documents the persistence requirement on both token-resolution
functions so the distinction isn't lost again.
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Coverage report

Total coverage

Status Category Percentage Covered / Total
🟡 Statements 73.9% 3330/4506
🟡 Branches 60.71% 1321/2176
🟡 Functions 74.07% 677/914
🟢 Lines 83.04% 8482/10214

Status of coverage: 🟢 - ok, 🟡 - slightly more than threshold, 🔴 - under the threshold

Report generated by 🧪jest coverage report action from b60b67c

@YuryShkoda YuryShkoda self-assigned this Jul 2, 2026
@YuryShkoda YuryShkoda marked this pull request as ready for review July 2, 2026 06:20
mulahasanovic
mulahasanovic previously approved these changes Jul 2, 2026
tmoody
tmoody previously approved these changes Jul 2, 2026
@YuryShkoda YuryShkoda dismissed stale reviews from tmoody and mulahasanovic via b60b67c July 2, 2026 09:15
@allanbowe allanbowe merged commit 2059322 into main Jul 2, 2026
2 checks passed
@allanbowe allanbowe deleted the issue-1447 branch July 2, 2026 09:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Deployment authorization failure despite unexpired refresh token.

4 participants