Getting a 401 Unauthorized when calling our internal auth service from a Studio SNIPPET action. The token refresh logic works fine locally, but fails in production intermittently.
Here’s the flow:
- Fetch new access token from our auth endpoint.
- Call downstream API with the new token.
The downstream API returns:
{
  "error": "invalid_grant",
  "error_description": "Token not yet valid"
}
The Studio server clock is slightly ahead of the auth server. The token’s nbf (not before) claim is set to now + 30s. Since Studio’s clock is fast, it sends the request before the token is actually valid on the auth server side.
Is there a way to force Studio to wait or adjust the clock offset in the SNIPPET? Or should I just add a sleep? This feels hacky.
ASSIGN _tokenResp = ${GetRESTProxy("POST", "https://auth.internal/token", {"grant_type": "refresh_token", "refresh_token": ${_refreshToken}})}
ASSIGN _newToken = ${_tokenResp.access_token}
ASSIGN _apiResp = ${GetRESTProxy("GET", "https://api.internal/data", {}, {"Authorization": "Bearer " + _newToken})}
The second call fails with 401. If I retry after 30s, it works. Need a cleaner fix.
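Added example, not part of the original post: a Python sketch of the `nbf` timing described above, comparing a wait computed from the local clock with one corrected by the auth server's HTTP `Date` header, and showing verifier-side leeway. It assumes the access token is a JWT carrying `nbf`; all function names and sample values are hypothetical and constructed.

```python
import base64
import json
from email.utils import parsedate_to_datetime

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it; used here for timing only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def clock_offset(date_header, local_now):
    """Seconds the local clock runs ahead (+) of the server that sent Date."""
    return local_now - parsedate_to_datetime(date_header).timestamp()

def seconds_until_valid(token, local_now, offset=0.0, margin=1.0):
    """Wait needed before nbf has passed on the issuer's clock, plus a margin."""
    nbf = jwt_claims(token).get("nbf")
    if nbf is None:
        return 0.0
    issuer_now = local_now - offset  # translate local time to issuer time
    return max(0.0, nbf - issuer_now + margin)

def accepts_nbf(nbf, verifier_now, leeway=0):
    """Verifier-side check; leeway is the clock skew the API tolerates."""
    return verifier_now + leeway >= nbf

def make_sample_token(claims):
    """Constructed, unsigned sample token for this demo only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed scenario: issuer clock at T, client clock 5 s fast, nbf = T + 30.
ISSUER_NOW = 1700000000
DATE_HEADER = "Tue, 14 Nov 2023 22:13:20 GMT"  # issuer's Date header at T
LOCAL_NOW = ISSUER_NOW + 5
TOKEN = make_sample_token({"sub": "demo", "nbf": ISSUER_NOW + 30})

if __name__ == "__main__":
    off = clock_offset(DATE_HEADER, LOCAL_NOW)
    naive = seconds_until_valid(TOKEN, LOCAL_NOW)
    fixed = seconds_until_valid(TOKEN, LOCAL_NOW, offset=off)
    print(f"offset={off:+.0f}s naive_wait={naive:.0f}s corrected_wait={fixed:.0f}s")
    print("naive wait accepted:", accepts_nbf(ISSUER_NOW + 30, ISSUER_NOW + naive))
    print("corrected accepted: ", accepts_nbf(ISSUER_NOW + 30, ISSUER_NOW + fixed))
```

In this constructed case the wait computed from the fast local clock ends 5 seconds before `nbf` on the issuer's clock, so the call is still rejected; the offset-corrected wait, or a 5-second leeway on the verifier, is accepted.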