Iterable · Ayyanchira · Feb 8, 2026 · Feb 20, 2026 · Feb 23, 2026 · Feb 24, 2026
diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableApi.java b/iterableapi/src/main/java/com/iterable/iterableapi/IterableApi.java
@@ -43,6 +43,7 @@ public class IterableApi {
     private IterableNotificationData _notificationData;
     private String _deviceId;
     private boolean _firstForegroundHandled;
+    private boolean _autoRetryOnJwtFailure;
     private IterableHelper.SuccessHandler _setUserSuccessCallbackHandler;
     private IterableHelper.FailureHandler _setUserFailureCallbackHandler;
 
@@ -104,6 +105,14 @@ public void execute(@Nullable String data) {
                     SharedPreferences sharedPref = sharedInstance.getMainActivityContext().getSharedPreferences(IterableConstants.SHARED_PREFS_SAVED_CONFIGURATION, Context.MODE_PRIVATE);
                     SharedPreferences.Editor editor = sharedPref.edit();
                     editor.putBoolean(IterableConstants.SHARED_PREFS_OFFLINE_MODE_KEY, offlineConfiguration);
+
+                    // Parse autoRetry flag from remote config.
+                    if (jsonData.has(IterableConstants.KEY_AUTO_RETRY)) {
+                        boolean autoRetryRemote = jsonData.getBoolean(IterableConstants.KEY_AUTO_RETRY);
+                        editor.putBoolean(IterableConstants.SHARED_PREFS_AUTO_RETRY_KEY, autoRetryRemote);
+                        _autoRetryOnJwtFailure = autoRetryRemote;
+                    }
+
                     editor.apply();
                 } catch (JSONException e) {
                     IterableLogger.e(TAG, "Failed to read remote configuration");
@@ -194,6 +203,15 @@ static void loadLastSavedConfiguration(Context context) {
         SharedPreferences sharedPref = context.getSharedPreferences(IterableConstants.SHARED_PREFS_SAVED_CONFIGURATION, Context.MODE_PRIVATE);
         boolean offlineMode = sharedPref.getBoolean(IterableConstants.SHARED_PREFS_OFFLINE_MODE_KEY, false);
         sharedInstance.apiClient.setOfflineProcessingEnabled(offlineMode);
+
+        sharedInstance._autoRetryOnJwtFailure = sharedPref.getBoolean(IterableConstants.SHARED_PREFS_AUTO_RETRY_KEY, false);
+    }
+
+    /**
+     * Returns whether auto-retry on JWT failure is enabled, as determined by remote configuration.
+     */
+    boolean isAutoRetryOnJwtFailure() {
+        return _autoRetryOnJwtFailure;
     }
 
     /**

diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableAuthManager.java b/iterableapi/src/main/java/com/iterable/iterableapi/IterableAuthManager.java
@@ -9,6 +9,7 @@
 import org.json.JSONObject;
 
 import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
 import java.util.Timer;
 import java.util.TimerTask;
 import java.util.concurrent.ExecutorService;
@@ -18,6 +19,25 @@ public class IterableAuthManager implements IterableActivityMonitor.AppStateCall
     private static final String TAG = "IterableAuth";
     private static final String expirationString = "exp";
 
+    /**
+     * Represents the state of the JWT auth token.
+     * VALID: Last request succeeded with this token.
+     * INVALID: A 401 JWT error was received; processing should pause.
+     * UNKNOWN: A new token was obtained but not yet verified by a request.
+     */
+    enum AuthState {
+        VALID,
+        INVALID,
+        UNKNOWN
+    }
+
+    /**
+     * Listener interface for components that need to react when a new auth token is ready.
+     */
+    interface AuthTokenReadyListener {
+        void onAuthTokenReady();
+    }
+
     private final IterableApi api;
     private final IterableAuthHandler authHandler;
     private final long expiringAuthTokenRefreshPeriod;
@@ -34,6 +54,9 @@ public class IterableAuthManager implements IterableActivityMonitor.AppStateCall
     private volatile boolean isTimerScheduled;
     private volatile boolean isInForeground = true; // Assume foreground initially
 
+    private volatile AuthState authState = AuthState.UNKNOWN;
+    private final ArrayList<AuthTokenReadyListener> authTokenReadyListeners = new ArrayList<>();
+
     private final ExecutorService executor = Executors.newSingleThreadExecutor();
 
     IterableAuthManager(IterableApi api, IterableAuthHandler authHandler, RetryPolicy authRetryPolicy, long expiringAuthTokenRefreshPeriod) {
@@ -45,6 +68,58 @@ public class IterableAuthManager implements IterableActivityMonitor.AppStateCall
         this.activityMonitor.addCallback(this);
     }
 
+    void addAuthTokenReadyListener(AuthTokenReadyListener listener) {
+        authTokenReadyListeners.add(listener);
+    }
+
+    void removeAuthTokenReadyListener(AuthTokenReadyListener listener) {
+        authTokenReadyListeners.remove(listener);
+    }
+
+    /**
+     * Returns true if the auth token is in a state that allows requests to proceed.
+     * Requests can proceed when auth state is VALID or UNKNOWN (newly obtained token).
+     * If no authHandler is configured (JWT not used), this always returns true.
+     */
+    boolean isAuthTokenReady() {
+        if (authHandler == null) {
+            return true;
+        }
+        return authState != AuthState.INVALID;
+    }
+
+    /**
+     * Marks the auth token as invalid. Called when a 401 JWT error is received.
+     */
+    void setAuthTokenInvalid() {
+        setAuthState(AuthState.INVALID);
+    }
+
+    AuthState getAuthState() {
+        return authState;
+    }
+
+    /**
+     * Centralized auth state setter. Notifies AuthTokenReadyListeners only when
+     * transitioning from INVALID to a ready state (UNKNOWN or VALID), which means
+     * a new token has been obtained after a prior auth failure.
+     */
+    private void setAuthState(AuthState newState) {
+        AuthState previousState = this.authState;
+        this.authState = newState;
+
+        if (previousState == AuthState.INVALID && newState != AuthState.INVALID) {
+            notifyAuthTokenReadyListeners();
+        }
+    }
+
+    private void notifyAuthTokenReadyListeners() {
+        ArrayList<AuthTokenReadyListener> listenersCopy = new ArrayList<>(authTokenReadyListeners);
+        for (AuthTokenReadyListener listener : listenersCopy) {
+            listener.onAuthTokenReady();
+        }
+    }
+
     public synchronized void requestNewAuthToken(boolean hasFailedPriorAuth, IterableHelper.SuccessHandler successCallback) {
         requestNewAuthToken(hasFailedPriorAuth, successCallback, true);
     }
@@ -61,6 +136,9 @@ void reset() {
 
     void setIsLastAuthTokenValid(boolean isValid) {
         isLastAuthTokenValid = isValid;
+        if (isValid) {
+            setAuthState(AuthState.VALID);
+        }
     }
 
     void resetRetryCount() {
@@ -132,6 +210,9 @@ public void run() {
 
     private void handleAuthTokenSuccess(String authToken, IterableHelper.SuccessHandler successCallback) {
         if (authToken != null) {
+            // Token obtained but not yet verified by a request - set state to UNKNOWN.
+            // setAuthState will notify listeners only if previous state was INVALID.
+            setAuthState(AuthState.UNKNOWN);
             IterableApi.getInstance().setAuthToken(authToken);
             queueExpirationRefresh(authToken);
 

diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableConstants.java b/iterableapi/src/main/java/com/iterable/iterableapi/IterableConstants.java
@@ -56,6 +56,7 @@ public final class IterableConstants {
     public static final String KEY_INBOX_SESSION_ID     = "inboxSessionId";
     public static final String KEY_EMBEDDED_SESSION_ID     = "id";
     public static final String KEY_OFFLINE_MODE         = "offlineMode";
+    public static final String KEY_AUTO_RETRY           = "autoRetry";
     public static final String KEY_FIRETV = "FireTV";
     public static final String KEY_CREATE_NEW_FIELDS    = "createNewFields";
     public static final String KEY_IS_USER_KNOWN = "isUserKnown";
@@ -130,6 +131,7 @@ public final class IterableConstants {
     public static final String SHARED_PREFS_FCM_MIGRATION_DONE_KEY = "itbl_fcm_migration_done";
     public static final String SHARED_PREFS_SAVED_CONFIGURATION = "itbl_saved_configuration";
     public static final String SHARED_PREFS_OFFLINE_MODE_KEY = "itbl_offline_mode";
+    public static final String SHARED_PREFS_AUTO_RETRY_KEY = "itbl_auto_retry";
     public static final String SHARED_PREFS_EVENT_LIST_KEY = "itbl_event_list";
     public static final String SHARED_PREFS_USER_UPDATE_OBJECT_KEY = "itbl_user_update_object";
     public static final String SHARED_PREFS_UNKNOWN_SESSIONS = "itbl_unknown_sessions";

diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableRequestTask.java b/iterableapi/src/main/java/com/iterable/iterableapi/IterableRequestTask.java
@@ -18,6 +18,7 @@
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
@@ -153,20 +154,27 @@ static IterableApiResponse executeApiRequest(IterableApiRequest iterableApiReque
                 // Read the response body
                 try {
                     BufferedReader in;
-                    if (responseCode < 400) {
+                    if (responseCode >= 0 && responseCode < 400) {
                         in = new BufferedReader(
                                 new InputStreamReader(urlConnection.getInputStream()));
                     } else {
-                        in = new BufferedReader(
-                                new InputStreamReader(urlConnection.getErrorStream()));
+                        InputStream errorStream = urlConnection.getErrorStream();
+                        if (errorStream != null) {
+                            in = new BufferedReader(
+                                    new InputStreamReader(errorStream));
+                        } else {
+                            in = null;
+                        }
                     }
-                    String inputLine;
-                    StringBuffer response = new StringBuffer();
-                    while ((inputLine = in.readLine()) != null) {
-                        response.append(inputLine);
+                    if (in != null) {
+                        String inputLine;
+                        StringBuffer response = new StringBuffer();
+                        while ((inputLine = in.readLine()) != null) {
+                            response.append(inputLine);
+                        }
+                        in.close();
+                        requestResult = response.toString();
                     }
-                    in.close();
-                    requestResult = response.toString();
                 } catch (IOException e) {
                     logError(iterableApiRequest, baseUrl, e);
                     error = e.getMessage();
@@ -186,13 +194,36 @@ static IterableApiResponse executeApiRequest(IterableApiRequest iterableApiReque
                     jsonError = e.getMessage();
                 }
 
+                // If getResponseCode() returned -1 (e.g. due to network inspector
+                // interference) but the response body contains JWT error codes,
+                // we can infer the actual response was a 401.
+                if (responseCode == -1 && matchesJWTErrorCodes(jsonResponse)) {
+                    responseCode = 401;
+                }
+
                 // Handle HTTP status codes
                 if (responseCode == 401) {
                     if (matchesJWTErrorCodes(jsonResponse)) {
                         apiResponse = IterableApiResponse.failure(responseCode, requestResult, jsonResponse, "JWT Authorization header error");
                         IterableApi.getInstance().getAuthManager().handleAuthFailure(iterableApiRequest.authToken, getMappedErrorCodeForMessage(jsonResponse));
-                        // We handle the JWT Retry for both online and offline here rather than handling online request in onPostExecute
-                        requestNewAuthTokenAndRetry(iterableApiRequest);
+
+                        // [F] When autoRetry is enabled and this is an offline task, skip the inline
+                        // retry. The task stays in the DB and IterableTaskRunner will retry it once
+                        // a valid JWT is obtained via the AuthTokenReadyListener callback.
+                        // For online requests or when autoRetry is disabled, use the existing inline retry.
+                        boolean autoRetry = IterableApi.getInstance().isAutoRetryOnJwtFailure();
+                        if (autoRetry && iterableApiRequest.getProcessorType() == IterableApiRequest.ProcessorType.OFFLINE) {
+                            // Schedule a delayed token refresh (respects retry policy).
+                            // Do NOT retry the request inline -- IterableTaskRunner will handle
+                            // the retry after the AuthTokenReadyListener callback fires.
+                            IterableAuthManager authManager = IterableApi.getInstance().getAuthManager();
+                            authManager.setIsLastAuthTokenValid(false);
+                            long retryInterval = authManager.getNextRetryInterval();
+                            authManager.scheduleAuthTokenRefresh(retryInterval, false, null);
+                        } else {
+                            // Existing behavior: retry request inline after obtaining new token
+                            requestNewAuthTokenAndRetry(iterableApiRequest);
+                        }
                     } else {
                         apiResponse = IterableApiResponse.failure(responseCode, requestResult, jsonResponse, "Invalid API Key");
                     }
@@ -498,13 +529,27 @@ public JSONObject toJSONObject() throws JSONException {
     }
 
     static IterableApiRequest fromJSON(JSONObject jsonData, @Nullable IterableHelper.SuccessHandler onSuccess, @Nullable IterableHelper.FailureHandler onFailure) {
+        return fromJSON(jsonData, null, onSuccess, onFailure);
+    }
+
+    /**
+     * Deserializes an IterableApiRequest from JSON.
+     * @param authTokenOverride If non-null, uses this token instead of the one stored in JSON.
+     *                          This allows offline tasks to use the latest auth token rather
+     *                          than the stale one captured at queue time.
+     */
+    static IterableApiRequest fromJSON(JSONObject jsonData, @Nullable String authTokenOverride, @Nullable IterableHelper.SuccessHandler onSuccess, @Nullable IterableHelper.FailureHandler onFailure) {
         try {
             String apikey = jsonData.getString("apiKey");
             String resourcePath = jsonData.getString("resourcePath");
             String requestType = jsonData.getString("requestType");
-            String authToken = "";
-            if (jsonData.has("authToken")) {
+            String authToken;
+            if (authTokenOverride != null) {
+                authToken = authTokenOverride;
+            } else if (jsonData.has("authToken")) {
                 authToken = jsonData.getString("authToken");
+            } else {
+                authToken = "";
             }
             JSONObject json = jsonData.getJSONObject("data");
             return new IterableApiRequest(apikey, resourcePath, json, requestType, authToken, onSuccess, onFailure);