Issue Description
We are from AutoScout24 and are investigating high JWT auth token request volume on Android compared with iOS.
Over the last 7 days, our backend saw approximately:
- Android: ~170k JWT token requests
- iOS: ~40k-42k JWT token requests
Both apps use Iterable JWT auth with userId. Both apps disable automatic push registration and manually sync push registration based on OS notification permission state.
We want to understand why Android calls IterableAuthHandler.onAuthTokenRequested() significantly more often than iOS.
Questions:
- Under what conditions does Android call
onAuthTokenRequested() when a valid userId and valid JWT have already been restored from SDK storage?
- Is Android expected to request JWT auth tokens more often than iOS?
- Can foregrounding the Android app trigger JWT refresh even when the restored JWT is still valid?
- Can manual push registration / disable calls trigger JWT refresh when
autoPushRegistration = false?
- Does reading
IterableApi.getInstance().getAuthToken() ever trigger auth refresh, or is it only a getter?
- What is the recommended app-side handling to avoid duplicate backend JWT generation?
Expected behavior:
If the SDK has restored a valid userId and valid JWT auth token, Android should not request a new JWT unless the token is missing, invalid, expired, close to expiry, or an Iterable API returns a JWT-related 401.
Steps to Reproduce
- Configure Android SDK with JWT auth using
IterableAuthHandler.
- Set
autoPushRegistration = false.
- Identify user with
setUserId(userId).
- Let the SDK restore
userId and auth token from storage on later app starts.
- Observe calls to
IterableAuthHandler.onAuthTokenRequested() / backend JWT endpoint.
- Compare request volume with iOS SDK using the same JWT auth setup.
Iterable orgId: AutoScout24
Iterable SDK version: com.iterable:iterableapi:3.7.0
Android OS version: Multiple stable Android versions in production; exact affected versions not isolated yet.
Beta Software Notice
This issue is observed in production on stable Android versions, not beta/pre-release OS versions.
Issue Description
We are from AutoScout24 and are investigating high JWT auth token request volume on Android compared with iOS.
Over the last 7 days, our backend saw approximately:
Both apps use Iterable JWT auth with
userId. Both apps disable automatic push registration and manually sync push registration based on OS notification permission state.We want to understand why Android calls
IterableAuthHandler.onAuthTokenRequested()significantly more often than iOS.Questions:
onAuthTokenRequested()when a validuserIdand valid JWT have already been restored from SDK storage?autoPushRegistration = false?IterableApi.getInstance().getAuthToken()ever trigger auth refresh, or is it only a getter?Expected behavior:
If the SDK has restored a valid
userIdand valid JWT auth token, Android should not request a new JWT unless the token is missing, invalid, expired, close to expiry, or an Iterable API returns a JWT-related401.Steps to Reproduce
IterableAuthHandler.autoPushRegistration = false.setUserId(userId).userIdand auth token from storage on later app starts.IterableAuthHandler.onAuthTokenRequested()/ backend JWT endpoint.Iterable
orgId: AutoScout24Iterable SDK version:
com.iterable:iterableapi:3.7.0Android OS version: Multiple stable Android versions in production; exact affected versions not isolated yet.
Beta Software Notice
This issue is observed in production on stable Android versions, not beta/pre-release OS versions.