Skip push subscription disable on logout when JWT is already expired

nan-li · nan-li · commit 130aa1636c4b · 2026-03-31T01:18:21.000-07:00
When IV is enabled and the JWT has already been invalidated (e.g. by
a prior 401), the UpdateSubscriptionOperation to disable the push
subscription would be permanently blocked by hasValidJwtIfRequired.
Since the backend call would fail with 401 anyway, skip it entirely
and just switch to the new anonymous user.

Made-with: Cursor

Revert "Skip push subscription disable on logout when JWT is already expired"

This reverts commit 5ce284257b6e03b8c862745ff58fcf4293299577.

Exempt UpdateSubscriptionOperation from JWT gating

The subscription update endpoint does not require a JWT on the
backend. Add Operation.requiresJwt (default true) and override it
to false in UpdateSubscriptionOperation so these operations are not
blocked by hasValidJwtIfRequired when the JWT is expired or missing.

This fixes the edge case where logging out with an expired JWT would
permanently block the push subscription disable operation.

Made-with: Cursor
diff --git a/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/Operation.kt b/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/Operation.kt
@@ -61,6 +61,13 @@ abstract class Operation(name: String) : Model() {
      */
     abstract val canStartExecute: Boolean
 
+    /**
+     * Whether this operation requires a valid JWT when identity verification is enabled.
+     * Override to return `false` for operations whose backend endpoint does not require
+     * a JWT (e.g. subscription updates).
+     */
+    open val requiresJwt: Boolean get() = true
+
     /**
      * Called when an operation has resolved a local ID to a backend ID (i.e. successfully
      * created a backend resource).  Any IDs within the operation that could be local IDs should
diff --git a/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt b/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt
@@ -438,6 +438,7 @@ internal class OperationRepo(
         op: Operation,
     ): Boolean {
         if (!iv) return true
+        if (!op.requiresJwt) return true
         val externalId = op.externalId ?: return false
         return _jwtTokenStore.getJwt(externalId) != null
     }
diff --git a/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/operations/UpdateSubscriptionOperation.kt b/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/operations/UpdateSubscriptionOperation.kt
@@ -86,6 +86,7 @@ class UpdateSubscriptionOperation() : Operation(SubscriptionOperationExecutor.UP
     override val groupComparisonType: GroupComparisonType = GroupComparisonType.ALTER
     override val canStartExecute: Boolean get() = !IDManager.isLocalId(onesignalId) && !IDManager.isLocalId(subscriptionId)
     override val applyToRecordId: String get() = subscriptionId
+    override val requiresJwt: Boolean get() = false
 
     constructor(appId: String, onesignalId: String, subscriptionId: String, type: SubscriptionType, enabled: Boolean, address: String, status: SubscriptionStatus) : this() {
         this.appId = appId

Original file line number	Diff line number	Diff line change
`@@ -438,6 +438,7 @@ internal class OperationRepo(`
`438`	`438`	`op: Operation,`
`439`	`439`	`): Boolean {`
`440`	`440`	`if (!iv) return true`
	`441`	`+ if (!op.requiresJwt) return true`
`441`	`442`	`val externalId = op.externalId ?: return false`
`442`	`443`	`return _jwtTokenStore.getJwt(externalId) != null`
`443`	`444`	`}`