looking for advice on handling oauth client credentials flow after we flipped on saml sso.
we’ve got a backend service using the ts sdk to push analytics data. it works fine with local auth, but after enabling saml sso for all users, the sdk’s internal token refresh logic seems to break.
i’m getting a 401 unauthorized on the second api call. the initial token generation via platformClient.auth.login() works, but the automatic refresh fails silently or throws a generic error.
snippet:
const auth = platformClient.auth;
await auth.login({
  clientId: process.env.CLIENT_ID,
  clientSecret: process.env.CLIENT_SECRET,
  grantType: 'client_credentials'
});
// first call works
const user = await platformClient.users.getUserById(userId);
// second call fails 401
const interactions = await platformClient.analytics.getInteractions(...);
is the sdk not handling the token expiry correctly when saml is active? or do i need to manually hook into the refresh event? the docs are vague on this specific combo. feels like a bug in the http client layer.
anyone else hitting this?
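
An added example, not part of the original post and not SDK code: a client-credentials grant normally returns no refresh token (RFC 6749 section 4.4.3), so this wrapper tracks expiry itself, logs in again before the token lapses, and retries once on 401 to separate an expired token from a 401 that a fresh token does not fix. `TokenGuard`, `login` and `call` are hypothetical names, and the `{ accessToken, expiresIn }` shape returned by `login` is an assumption.

```javascript
// Added example. TokenGuard, login and call are hypothetical names, not SDK APIs.
// Assumption: login() resolves to { accessToken, expiresIn } (expiresIn in seconds).
class TokenGuard {
  constructor(login, { skewMs = 30000, now = Date.now } = {}) {
    this.login = login;     // performs the client_credentials login
    this.skewMs = skewMs;   // renew this long before the stated expiry
    this.now = now;         // injectable clock, for testing
    this.token = null;
    this.expiresAt = 0;
    this.pending = null;    // shares one in-flight login between concurrent callers
    this.logins = 0;        // number of completed logins
  }

  async getToken(force = false) {
    const fresh = this.token !== null && this.now() < this.expiresAt - this.skewMs;
    if (fresh && !force) return this.token;
    if (!this.pending) {
      this.pending = this.login()
        .then(({ accessToken, expiresIn }) => {
          this.logins += 1;
          this.token = accessToken;
          this.expiresAt = this.now() + expiresIn * 1000;
          return accessToken;
        })
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }

  // call(token) must resolve to an object with a numeric `status`.
  async request(name, call) {
    let res = await call(await this.getToken());
    if (res.status !== 401) return res;
    // Log the remaining lifetime only, never the token value itself.
    const leftMs = this.expiresAt - this.now();
    console.warn(`${name}: 401 with ${leftMs} ms of token lifetime left, re-authenticating`);
    res = await call(await this.getToken(true));
    if (res.status === 401) {
      const err = new Error(`${name}: 401 persists with a freshly issued token`);
      err.kind = 'not-expiry'; // expiry or refresh is not the cause
      throw err;
    }
    return res;
  }
}
```

If the second call still throws `not-expiry` immediately after a successful login, the token lifetime is not what the API is rejecting.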