fix(auth): do not remove session in case of network failure

[grdsdev]

What changes does this PR introduce?

This PR addresses two issues:

1. Issue Session gets removed when refresh_token request gets cancelled. #707: Fixes a non-retryable error that causes the session to be removed.
2. Issue Session deleted from auth local storage while refreshing token due to "refresh token already used" when sharing auth local storage with multiple processes #703: Fixes a multi-process issue where the refresh token can duplicate requests, leading to a refresh_token_already_used error.

What is the current behavior?

When a non-retryable error occurs, the session is automatically removed. This leads to a few issues:

• The definition of retryable errors is not exhaustive, as it defaults to non-retryable errors. This means that errors like URLError(.cancelled), which should not cause session removal, are also removed.
• In a multi-process environment (iOS app, Widget, Extensions) running simultaneously, the refresh token can duplicate requests, which is not an efficient way to synchronize across processes. This can result in the refresh_token_already_used error, as reported in Issue Session deleted from auth local storage while refreshing token due to "refresh token already used" when sharing auth local storage with multiple processes #703.

What is the new behavior?

The new behavior is to avoid removing sessions when an error occurs.

Additional context

Please provide any additional context or screenshots relevant to the changes introduced in this PR.

[Copilot]

Pull Request Overview

This PR fixes the issue of incorrectly removing the session when a cancellation error occurs during token refresh.

• Adds explicit checks to rethrow errors when they are cancellation-related.
• Ensures that session removal only occurs for non-retryable errors.

[coveralls]

Pull Request Test Coverage Report for Build 14714501160

Details

• 18 of 23 (78.26%) changed or added relevant lines in 2 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.08%) to 74.952%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
Sources/Helpers/HTTP/RetryRequestInterceptor.swift	2	7	28.57%

Totals
Change from base Build 14711380323:	0.08%
Covered Lines:	5075
Relevant Lines:	6771

---

💛 - Coveralls

[Copilot]

Pull Request Overview

This PR fixes the authentication logic so that the session is not removed when a cancellation error or other retryable error occurs. It also updates the error handling and retry logic by removing the RetryableError protocol and refactoring the default error code sets.

• Removed the RetryableError protocol and its associated implementations.
• Updated RetryRequestInterceptor with static default retryable error and status code sets.
• Modified SessionManager to avoid deleting the session on error and removed AuthError’s conformance to RetryableError.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

File	Description
Sources/Helpers/RetryableError.swift	Removed the RetryableError protocol and its extensions.
Sources/Helpers/HTTP/RetryRequestInterceptor.swift	Added static default error and status code sets and reformatted the exponential backoff.
Sources/Auth/Internal/SessionManager.swift	Removed the try/catch block that deleted the session on error, ensuring retryable errors pass through.
Sources/Auth/AuthError.swift	Removed conformance of AuthError to RetryableError.

Comments suppressed due to low confidence (3)

Sources/Auth/Internal/SessionManager.swift:80

• Removing the try/catch block in refreshSession changes error handling behavior; please ensure non-retryable errors are managed appropriately without needing to explicitly remove the session.

do {

Sources/Auth/AuthError.swift:298

• Removing RetryableError conformance from AuthError alters error propagation; confirm that the error handling strategy across the codebase aligns with this change.

extension AuthError: RetryableError {

Sources/Helpers/HTTP/RetryRequestInterceptor.swift:34

• Verify that the error codes listed in the migrated defaultRetryableURLErrorCodes exactly match the originally intended set to ensure consistent retry behavior.

package static let defaultRetryableURLErrorCodes: Set<URLError.Code> = [

[Copilot]

Pull Request Overview

This PR addresses issues with session removal during network failures by altering the error‐handling behavior of the auth session refresh flow and related error protocols. The key changes include:

• Removing the deletion of sessions on non‐retryable errors in SessionManager.
• Dropping the RetryableError conformance from AuthError.
• Updating integration tests to reflect changes in identity comparisons and provider usage.

Reviewed Changes

Copilot reviewed 9 out of 13 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
Tests/IntegrationTests/supabase/config.toml	Added configuration values for testing local instances.
Tests/IntegrationTests/DotEnv.swift	Introduced local environment constants.
Tests/IntegrationTests/AuthClientIntegrationTests.swift	Updated tests to compare identity IDs and changed use of OAuth provider from GitHub to Apple.
Sources/Helpers/RetryableError.swift	Removed the RetryableError protocol implementation.
Sources/Helpers/HTTP/RetryRequestInterceptor.swift	Updated default retryable error and HTTP status code definitions.
Sources/Auth/Internal/SessionManager.swift	Removed the catch block’s session-deletion logic to prevent session removal on error, modifying error flow.
Sources/Auth/AuthError.swift	Removed conformance from AuthError to RetryableError.
Sources/Auth/AuthClient.swift	Minor update to the lifecycle task invocation.

Files not reviewed (4)

• Tests/IntegrationTests/.vscode/extensions.json: Language not supported
• Tests/IntegrationTests/.vscode/settings.json: Language not supported
• Tests/IntegrationTests/supabase/.gitignore: Language not supported
• Tests/IntegrationTests/supabase/.temp/cli-latest: Language not supported