Skip to content

Changed retry logic for http calls in typescript code. #528

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
elinohlsson merged 9 commits into from
Nov 19, 2025
Merged

Changed retry logic for http calls in typescript code. #528

elinohlsson merged 9 commits into from
Nov 19, 2025

Conversation

@elinohlsson
Copy link
Contributor

@elinohlsson elinohlsson commented Nov 18, 2025
edited
Loading

This PR addresses issue #508 - Multiple collect attempts after collect already completed, causing the flow to fail

This PR fixes a bug in Active Login that can occur during auth, sign, or payment flows with BankID on the same device. The issue appears frequently on iOS devices when using browsers other than Safari (e.g., Edge or Chrome). It can also occur in Safari on iOS when using a custom browser configuration with a returnUrl that differs from the default used by Active Login.

The bug is triggered when an error occurs during the call to the checkStatus endpoint. On iOS, this may happen if the BankID security app is launched while the request is in progress. In that situation, the current TypeScript logic incorrectly triggers a duplicate retry. If the first retry completes successfully and the BankID order is finalized, the second retry will fail because the order no longer exists. This results in an HTTP 400 response from the BankID API and a BankIdApiException with InvalidParameters: No such order.

This fix prevents duplicate retry calls and avoids retrying checkStatus requests when the HTTP status code indicates failure—since retries are not allowed by the BankID collect endpoint in such cases. Transient failures (e.g. temporary network errors) will still be retried as expected.

This PR also updates our CI configuration to handle recent macOS runner changes:

  • Removed macOS jobs from Azure DevOps because Microsoft no longer provides x86-compatible macOS agents.
  • Updated GitHub Actions to use macos-15-intel to ensure continued support for x86 builds on GitHub, since the default macos-latest runner is now ARM-based.

These changes ensure our macOS builds run only on supported platforms and prevent intermittent architecture-related failures.

Changed retry logic for http calls in typescript code, so that:
2436586 
1. Duplicate retires is not fired for the same failed request.
2. Calls to checkstatus is not retried if status failed is returned from the BankID API, since the retry will just result in another error in that case.
@elinohlsson elinohlsson added this to the Next Release milestone Nov 18, 2025
@elinohlsson elinohlsson marked this pull request as ready for review November 18, 2025 15:50
@elinohlsson elinohlsson added the bug Something isn't working label Nov 18, 2025
@Abrissirba
Copy link
Contributor

Abrissirba commented Nov 18, 2025
edited
Loading

Were you able to reproduce this error? Is it possible to "mock" a network error somehow to test that behaviour?

@Abrissirba Abrissirba requested a review from Copilot November 18, 2025 16:17
Copilot AI reviewed Nov 18, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a race condition bug in the BankID authentication flow that causes duplicate retry attempts during checkStatus calls, particularly on iOS devices. The fix refactors the HTTP retry logic to prevent duplicate retries and adds control over whether HTTP errors should be retried.

Key Changes:

  • Refactored TypeScript retry logic to consolidate retry handling and prevent duplicate retry attempts
  • Added retryOnHttpError parameter to control retry behavior on HTTP errors vs network errors
  • Disabled HTTP error retries for checkStatus and QR code refresh endpoints where the BankID API doesn't allow retries

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/ActiveLogin.Authentication.BankId.AspNetCore/Client/activelogin-main.ts Refactored postJson() function to fix duplicate retry bug and added selective retry control for different API endpoints
azure-pipelines.yml Modified macOS build configuration (contains errors in the current changes)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@elinohlsson
Copy link
Contributor Author

elinohlsson commented Nov 18, 2025

@Abrissirba Yes, I deployed our sample project to Azure and added Application Insights logging to the TypeScript code. Then I tested the deployed web app on an iPhone using Chrome with a test BankID. The issue doesn’t occur every time, but once I got the frontend logging working, it wasn’t too hard to reproduce.

Abrissirba
Abrissirba reviewed Nov 19, 2025
View reviewed changes
@elinohlsson elinohlsson merged commit fac285e into main Nov 19, 2025
16 checks passed
@elinohlsson elinohlsson deleted the bugfix/508-fix-incorrect-retry-logic branch November 19, 2025 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Abrissirba Abrissirba Abrissirba left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

v11.1.2

Development

Successfully merging this pull request may close these issues.

3 participants

@elinohlsson @Abrissirba