[HOLD for payment 2025-02-04] [HOLD for payment 2025-01-30] [HOLD for payment 2025-01-22] [$750] Prevent the 401 permission denied error within the CompleteGuidedSetup command.  #54849

@trjExpensify

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!


Version Number: v9.0.80-6
Reproducible in staging?: Y
Reproducible in production?: Y
If this was caught on HybridApp, is this reproducible on New Expensify Standalone?: N/A
If this was caught during regression testing, add the test name, ID and link from TestRail: No, discovered via FS
Email or phone of affected tester (no customers): reproduced using tom+newsldofk@trj.chat (example 1) & tom+fdlgo2@trj.chat (example 2).
Logs: Internal logs (example 1, example 2). RequestIDs: 8fdfe0372aa76546-LHR, 8fdfb1c17a456546-LHR.
Issue reported by: @anmurali
Slack conversation #convert

Action Performed:

Prerequisites:

Repro Steps:

  1. Go to expensify.com, sign up for a new account and choose the 10+ signUpQualifier option (so tryNewDot NVP is not set, and you are not redirected to NewDot).
  2. On expensify.com, click Settings > Workspace > Group > create a Control workspace so you have a workspace in that account.
  3. Click Support > Concierge to transition to NewDot (it’ll open a new tab)
  4. Switch back to the expensify.com tab > click your avatar top left > sign out
  5. Sign up for a new account on expensify.com, choose the 2-9 signUpQualifier option this time (so the tryNewDot NVP is set and you're redirected to NewDot).
  6. Complete the accounting step of the onboarding modal.
  7. Observe the CompleteGuidedSetup command fails with the 401 permission denied auth error.

Expected Result:

The policyID used in the CompleteGuidedSetup call is the policyID of the policy we create for the newly signed up user. As such, there should not be errors on completing the final onboarding step. The onboarding tasks should be created successfully, and the onboarding modal should not reappear.

Actual Result:

The policyID of the existing signed in user is used in the CompleteGuidedSetup call for the newly signed up user. That results in a permission error thrown here (internal code ref), because the newly signed-up user does not have admin write access to said policy in question.

@mountiny thinks the onboardingPolicyID onyx key is not cleared properly across the sessions, and this can be external to dig into further as to why it's happening.

Workaround:

Use a different device.

Platforms:

Which of our officially supported platforms is this issue occurring on?

  • Android: Standalone
  • Android: HybridApp
  • Android: mWeb Chrome
  • iOS: Standalone
  • iOS: HybridApp
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
  • MacOS: Desktop

Screenshots/Videos

Example 1:

2025-01-07_00-30-13.mp4

Example 2:

2025-01-07_00-05-14.mp4

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~021876634551444543376
  • Upwork Job ID: 1876634551444543376
  • Last Price Increase: 2025-01-10
  • Automatic offers:
    • nkdengineer | Contributor | 105776828
Current Issue Owner: @trjExpensify
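
The failure described under "Actual Result", reduced to a runnable model. This is an added example, not Expensify's or Onyx's code. It assumes, as suspected in the report, that `onboardingPolicyID` survives sign-out, and that the next session only writes the key when it is empty; `DeviceStore`, `policyAdmins`, `runScenario`, the policy IDs and the e-mail addresses are constructed for illustration.

```javascript
// Constructed model: only onboardingPolicyID and CompleteGuidedSetup are names from the report.

// Server side: policyID -> e-mail addresses with admin write access (constructed data).
const policyAdmins = new Map([
  ['POLICY_A', new Set(['first@example.com'])],
  ['POLICY_B', new Set(['second@example.com'])],
]);

// The server authorizes against the authenticated user, whatever policyID the client sends.
function completeGuidedSetup(authenticatedEmail, policyID) {
  const admins = policyAdmins.get(policyID);
  if (!admins || !admins.has(authenticatedEmail)) {
    return {status: 401, message: 'permission denied'};
  }
  return {status: 200, message: 'onboarding tasks created'};
}

// Client side: one persistent key-value store shared by every account used on the device.
class DeviceStore {
  constructor() { this.data = new Map(); }
  set(key, value) { this.data.set(key, value); }
  get(key) { return this.data.get(key); }
  // Leaky sign-out: credentials are dropped, per-account state stays behind.
  signOutLeaky() { this.data.delete('session'); }
  // Hardened sign-out: drop everything except an explicit allowlist of device-level keys.
  signOutClean(keep = ['deviceLocale']) {
    for (const key of [...this.data.keys()]) {
      if (!keep.includes(key)) this.data.delete(key);
    }
  }
}

// First account onboards, signs out, second account signs up on the same device.
function runScenario(signOut) {
  const store = new DeviceStore();
  store.set('deviceLocale', 'en');
  store.set('session', {email: 'first@example.com'});
  store.set('onboardingPolicyID', 'POLICY_A');
  signOut(store);
  store.set('session', {email: 'second@example.com'});
  // Assumption: the key is only written when empty, so a stale value wins.
  if (!store.get('onboardingPolicyID')) store.set('onboardingPolicyID', 'POLICY_B');
  return completeGuidedSetup(store.get('session').email, store.get('onboardingPolicyID'));
}

console.log('leaky sign-out:', runScenario((s) => s.signOutLeaky()));
console.log('clean sign-out:', runScenario((s) => s.signOutClean()));
```

The 401 in the leaky run is the server-side check working as intended: the stale client state is rejected instead of granting the second account write access to the first account's policy.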

Labels

  • Awaiting Payment: Auto-added when associated PR is deployed to production
  • Bug: Something is broken. Auto assigns a BugZero manager.
  • Daily: KSv2
  • External: Added to denote the issue can be worked on by a contributor
  • Help Wanted: Apply this label when an issue is open to proposals by contributors
