Treat 404 as auth error and persist refreshed tokens #1

Merged

thatguygriff merged 1 commits from fix/token-refresh-404 into main 2026-05-26 13:08:19 +00:00

Conversation 0 Commits 1 Files Changed 3

+53 -8

thatguygriff commented 2026-05-26 13:06:42 +00:00

Owner

Copy Link

Copy Source

Summary

After running for some time, the integration begins failing with 404 errors against the DKN Cloud NA API and stops recovering. Root causes:

1. 404 is not treated as an auth error. The DKN Cloud NA API appears to return 404 (not 401) for expired tokens. The previous auth_error_statuses={401, 403} let those 404s fall through to a generic DknConnectionError, so the coordinator just logged UpdateFailed and kept retrying with the stale token — never triggering a token refresh or reauth.
2. Refreshed tokens were never persisted. refresh_access_token() stored new tokens only on the in-memory client. On Home Assistant restart we reloaded the old (now-expired) tokens from the config entry, and eventually the in-memory refresh token would expire too.

Changes

• Add 404 to auth_error_statuses on is_logged_in, refresh_access_token, and fetch_installations so expired-token 404s trigger the refresh + reauth flow.
• Persist refreshed access + refresh tokens back to entry.options after each successful coordinator update.
• Make the update listener ignore token-only option changes so token persistence does not cause a reload loop. User-facing options (scan_interval, expose_pii) still trigger a reload as before.
• Log API responses with status >= 400 at WARNING (with body) and log INFO when a token refresh is attempted, so failures are diagnosable without enabling debug logging.

Test plan

• Restart Home Assistant with the integration installed — devices come up as before.
• Watch HA logs over the course of a token lifetime; on the next refresh you should see DKN token expired, attempting refresh followed by normal polling, with no UpdateFailed.
• After a refresh, restart HA — the integration should come up cleanly without a reauth prompt (proves the refreshed tokens were persisted).
• If/when the refresh token itself ultimately expires, confirm HA shows the reauth UI rather than silently failing.

## Summary After running for some time, the integration begins failing with `404` errors against the DKN Cloud NA API and stops recovering. Root causes: 1. **`404` is not treated as an auth error.** The DKN Cloud NA API appears to return `404` (not `401`) for expired tokens. The previous `auth_error_statuses={401, 403}` let those 404s fall through to a generic `DknConnectionError`, so the coordinator just logged `UpdateFailed` and kept retrying with the stale token — never triggering a token refresh or reauth. 2. **Refreshed tokens were never persisted.** `refresh_access_token()` stored new tokens only on the in-memory client. On Home Assistant restart we reloaded the old (now-expired) tokens from the config entry, and eventually the in-memory refresh token would expire too. ## Changes - Add `404` to `auth_error_statuses` on `is_logged_in`, `refresh_access_token`, and `fetch_installations` so expired-token 404s trigger the refresh + reauth flow. - Persist refreshed access + refresh tokens back to `entry.options` after each successful coordinator update. - Make the update listener ignore token-only option changes so token persistence does not cause a reload loop. User-facing options (`scan_interval`, `expose_pii`) still trigger a reload as before. - Log API responses with `status >= 400` at `WARNING` (with body) and log `INFO` when a token refresh is attempted, so failures are diagnosable without enabling debug logging. ## Test plan - [ ] Restart Home Assistant with the integration installed — devices come up as before. - [ ] Watch HA logs over the course of a token lifetime; on the next refresh you should see `DKN token expired, attempting refresh` followed by normal polling, with no `UpdateFailed`. - [ ] After a refresh, restart HA — the integration should come up cleanly without a reauth prompt (proves the refreshed tokens were persisted). - [ ] If/when the refresh token itself ultimately expires, confirm HA shows the reauth UI rather than silently failing.

thatguygriff added 1 commit 2026-05-26 13:06:43 +00:00

Treat 404 as auth error and persist refreshed tokens ... dd1cc76580

The DKN Cloud NA API returns 404 (not 401) when tokens are expired,
which caused the integration to silently fail with UpdateFailed
indefinitely instead of attempting a token refresh or triggering
reauth. Refreshed tokens were also only held in memory, so they
were lost on Home Assistant restart.

- Add 404 to auth_error_statuses on is_logged_in, refresh_access_token,
  and fetch_installations.
- Persist refreshed access + refresh tokens back to the config entry
  after each successful coordinator update.
- Skip the entry reload listener for token-only option updates to
  avoid a reload loop on every refresh.
- Log API 4xx responses at WARNING with the body so failures are
  visible in HA logs without enabling debug logging.

thatguygriff merged commit bff10aadb5 into main 2026-05-26 13:08:19 +00:00

thatguygriff deleted branch fix/token-refresh-404 2026-05-26 13:08:19 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

thatguygriff (James Griffin-Allwood)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: GitHub/homeassistant-dkncloudna#1