Fix FAIL_UNAUTHORIZED re-queue loop when IV is disabled

nan-li · nan-li · commit b445a01a794b · 2026-04-13T16:48:08.000-07:00
Gate the FAIL_UNAUTHORIZED re-queue path on useIdentityVerification == true.
When IV is OFF, hasValidJwtIfRequired() always returns true so re-queued ops
were immediately eligible, creating a ~200ms infinite retry loop. Now IV-OFF
treats FAIL_UNAUTHORIZED the same as FAIL_NORETRY (drop + wake waiters).

Also fix Operation.externalId KDoc: subclass constructors set this field,
not IOperationRepo at enqueue time.

Made-with: Cursor
diff --git a/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/Operation.kt b/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/Operation.kt
@@ -19,8 +19,8 @@ abstract class Operation(name: String) : Model() {
     /**
      * The external ID of the user this operation belongs to. Used by [IOperationRepo] to look up
      * the correct JWT when identity verification is enabled, and to gate anonymous operations.
-     * Stamped automatically by [IOperationRepo] at enqueue time from the current identity model
-     * when not already set by the concrete operation's constructor.
+     * Must be set by each concrete [Operation] subclass constructor — typically from the current
+     * identity model's externalId at the time the operation is created.
      */
     var externalId: String?
         get() = getOptStringProperty(::externalId.name)
diff --git a/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt b/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt
@@ -284,8 +284,9 @@ internal class OperationRepo(
                     ops.forEach { it.waiter?.wake(true) }
                 }
                 ExecutionResult.FAIL_UNAUTHORIZED -> {
+                    val identityVerificationEnabled = _configModelStore.model.useIdentityVerification == true
                     val externalId = startingOp.operation.externalId
-                    if (externalId != null) {
+                    if (identityVerificationEnabled && externalId != null) {
                         _jwtTokenStore.invalidateJwt(externalId)
                         Logging.warn("Operation execution failed with 401 Unauthorized, JWT invalidated for user: $externalId. Operations re-queued.")
                         // Unblock any enqueueAndWait callers so loginSuspend doesn't hang.
