Fixes

Author: sumchattering

swift-sdk.xcodeproj/project.pbxproj

@@ -187,6 +187,7 @@
 		8AAA8BC32D07310600DF8220 /* IterableInboxViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8AAA8BA52D07310600DF8220 /* IterableInboxViewController.swift */; };
 		8AAA8BC42D07310600DF8220 /* IterableAppIntegration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8AAA8B992D07310600DF8220 /* IterableAppIntegration.swift */; };
 		8AAA8BCD2D07310600DF8220 /* RetryPolicy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8AAA8B252D07310600DF8220 /* RetryPolicy.swift */; };
+		9313470310D6B94EBF01743D /* AuthTokenValidityState.swift in Sources */ = {isa = PBXBuildFile; fileRef = 54D3BD1417B5702B16498AFF /* AuthTokenValidityState.swift */; };
 		8AAA8BD32D07310600DF8220 /* IterableEmbeddedManagerProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8AAA8B282D07310600DF8220 /* IterableEmbeddedManagerProtocol.swift */; };
 		8AAA8BD52D07310600DF8220 /* AuthFailure.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8AAA8B2D2D07310600DF8220 /* AuthFailure.swift */; };
 		8AAA8BD62D07310600DF8220 /* AuthFailureReason.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8AAA8B2E2D07310600DF8220 /* AuthFailureReason.swift */; };
@@ -644,6 +645,7 @@
 		8AAA8B232D07310600DF8220 /* IterableInAppMessage.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = IterableInAppMessage.swift; sourceTree = "<group>"; };
 		8AAA8B242D07310600DF8220 /* IterablePushNotificationMetadata.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = IterablePushNotificationMetadata.swift; sourceTree = "<group>"; };
 		8AAA8B252D07310600DF8220 /* RetryPolicy.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RetryPolicy.swift; sourceTree = "<group>"; };
+		54D3BD1417B5702B16498AFF /* AuthTokenValidityState.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AuthTokenValidityState.swift; sourceTree = "<group>"; };
 		8AAA8B272D07310600DF8220 /* IterableAuthManagerProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = IterableAuthManagerProtocol.swift; sourceTree = "<group>"; };
 		8AAA8B282D07310600DF8220 /* IterableEmbeddedManagerProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = IterableEmbeddedManagerProtocol.swift; sourceTree = "<group>"; };
 		8AAA8B292D07310600DF8220 /* IterableEmbeddedUpdateDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = IterableEmbeddedUpdateDelegate.swift; sourceTree = "<group>"; };
@@ -1049,6 +1051,7 @@
 				8AAA8B222D07310600DF8220 /* IterableEmbeddedMessage.swift */,
 				8AAA8B232D07310600DF8220 /* IterableInAppMessage.swift */,
 				8AAA8B242D07310600DF8220 /* IterablePushNotificationMetadata.swift */,
+				54D3BD1417B5702B16498AFF /* AuthTokenValidityState.swift */,
 				8AAA8B252D07310600DF8220 /* RetryPolicy.swift */,
 			);
 			path = Models;
@@ -2212,6 +2215,7 @@
 				8AAA8BC32D07310600DF8220 /* IterableInboxViewController.swift in Sources */,
 				8AAA8BC42D07310600DF8220 /* IterableAppIntegration.swift in Sources */,
 				8AAA8BCD2D07310600DF8220 /* RetryPolicy.swift in Sources */,
+				9313470310D6B94EBF01743D /* AuthTokenValidityState.swift in Sources */,
 				8AAA8BD32D07310600DF8220 /* IterableEmbeddedManagerProtocol.swift in Sources */,
 				8AAA8BD52D07310600DF8220 /* AuthFailure.swift in Sources */,
 				8AAA8BD62D07310600DF8220 /* AuthFailureReason.swift in Sources */,

swift-sdk/Core/Models/AuthTokenValidityState.swift

@@ -0,0 +1,11 @@
+//
+//  Copyright © 2025 Iterable. All rights reserved.
+//
+
+import Foundation
+
+@objc public enum AuthTokenValidityState: Int {
+    case unknown = 0
+    case valid = 1
+    case invalid = 2
+}

swift-sdk/Core/Protocols/IterableAuthManagerProtocol.swift

@@ -14,5 +14,6 @@ import Foundation
     func handleAuthFailure(failedAuthToken: String?, reason: AuthFailureReason)
     func pauseAuthRetries(_ pauseAuthRetry: Bool)
     func setIsLastAuthTokenValid(_ isValid: Bool)
+    func getLastAuthTokenState() -> AuthTokenValidityState
     func getNextRetryInterval() -> Double
 }

swift-sdk/Internal/AuthManager.swift

@@ -72,7 +72,7 @@ class AuthManager: IterableAuthManagerProtocol {
     }
 
     private func shouldUseLastValidToken(_ shouldIgnoreRetryPolicy: Bool) -> Bool {
-        return isLastAuthTokenValid && !shouldIgnoreRetryPolicy
+        return lastAuthTokenState == .valid && !shouldIgnoreRetryPolicy
     }
 
     func setNewToken(_ newToken: String) {
@@ -97,7 +97,7 @@ class AuthManager: IterableAuthManagerProtocol {
             localStorage.unknownUserUpdate = nil
         }
 
-        isLastAuthTokenValid = false
+        lastAuthTokenState = .unknown
     }
 
     // MARK: - Private/Internal
@@ -110,7 +110,7 @@ class AuthManager: IterableAuthManagerProtocol {
 
     private var authRetryPolicy: RetryPolicy
     private var retryCount: Int = 0
-    private var isLastAuthTokenValid: Bool = false
+    private var lastAuthTokenState: AuthTokenValidityState = .unknown
     private var pauseAuthRetry: Bool = false
     private var isTimerScheduled: Bool = false
 
@@ -128,11 +128,22 @@ class AuthManager: IterableAuthManagerProtocol {
     }
 
     func setIsLastAuthTokenValid(_ isValid: Bool) {
-        isLastAuthTokenValid = isValid
         if isValid {
+            lastAuthTokenState = .valid
             NotificationCenter.default.post(name: .iterableAuthTokenRefreshed, object: nil)
+        } else {
+            // Only transition to .invalid from .valid.
+            // When state is .unknown (token just refreshed, awaiting validation),
+            // keep it as .unknown — the next successful request will set .valid.
+            if lastAuthTokenState == .valid {
+                lastAuthTokenState = .invalid
+            }
         }
     }
+
+    func getLastAuthTokenState() -> AuthTokenValidityState {
+        return lastAuthTokenState
+    }
 
     func getNextRetryInterval() -> Double {
         var nextRetryInterval = Double(authRetryPolicy.retryInterval)
@@ -161,14 +172,19 @@ class AuthManager: IterableAuthManagerProtocol {
 
     private func onAuthTokenReceived(retrievedAuthToken: String?, onSuccess: AuthTokenRetrievalHandler? = nil) {
         ITBInfo()
-        
+
         pendingAuth = false
-        
+
         // Set the new token first
         authToken = retrievedAuthToken
         storeAuthToken()
-        
+
         if retrievedAuthToken != nil {
+            // Only transition to .unknown from .invalid (auth recovery).
+            // When state is .valid (normal scheduled refresh), keep it .valid.
+            if lastAuthTokenState == .invalid {
+                lastAuthTokenState = .unknown
+            }
             let isRefreshQueued = queueAuthTokenExpirationRefresh(retrievedAuthToken, onSuccess: onSuccess)
             if !isRefreshQueued {
                 onSuccess?(authToken)

swift-sdk/Internal/InternalIterableAPI.swift

@@ -37,6 +37,12 @@ final class InternalIterableAPI: NSObject, PushTrackerProtocol, AuthProvider {
             authManager.getAuthToken()
         }
     }
+
+    var lastAuthTokenState: AuthTokenValidityState {
+        get {
+            authManager.getLastAuthTokenState()
+        }
+    }
 
     var deviceId: String {
         if let value = localStorage.deviceId {

swift-sdk/Internal/api-client/Request/OfflineRequestProcessor.swift

@@ -22,7 +22,8 @@ struct OfflineRequestProcessor: RequestProcessorProtocol {
         self.deviceMetadata = deviceMetadata
         self.taskScheduler = taskScheduler
         self.taskRunner = taskRunner
-        notificationListener = NotificationListener(notificationCenter: notificationCenter)
+        notificationListener = NotificationListener(notificationCenter: notificationCenter,
+                                                      authManager: authManager)
     }
 
     var autoRetry: Bool {
@@ -423,16 +424,21 @@ struct OfflineRequestProcessor: RequestProcessorProtocol {
     }
 
     private class NotificationListener: NSObject {
-        init(notificationCenter: NotificationCenterProtocol) {
+        init(notificationCenter: NotificationCenterProtocol,
+             authManager: IterableAuthManagerProtocol? = nil) {
             ITBInfo("OfflineRequestProcessor.NotificationListener.init()")
             self.notificationCenter = notificationCenter
+            self.authManager = authManager
             super.init()
             self.notificationCenter.addObserver(self,
                                                 selector: #selector(onTaskFinishedWithSuccess(notification:)),
                                                 name: .iterableTaskFinishedWithSuccess, object: nil)
             self.notificationCenter.addObserver(self,
                                                 selector: #selector(onTaskFinishedWithNoRetry(notification:)),
                                                 name: .iterableTaskFinishedWithNoRetry, object: nil)
+            self.notificationCenter.addObserver(self,
+                                                selector: #selector(onTaskFinishedWithRetry(notification:)),
+                                                name: .iterableTaskFinishedWithRetry, object: nil)
         }
 
         deinit {
@@ -464,6 +470,18 @@ struct OfflineRequestProcessor: RequestProcessorProtocol {
                 ITBError("Could not find taskId for notification")
             }
         }
+
+        @objc
+        private func onTaskFinishedWithRetry(notification: Notification) {
+            ITBInfo()
+            if let taskSendRequestError = IterableNotificationUtil.notificationToTaskSendRequestError(notification) {
+                let error = taskSendRequestError.sendRequestError
+                if error.httpStatusCode == 401, RequestProcessorUtil.matchesJWTErrorCode(error.iterableCode) {
+                    ITBInfo("JWT auth failure in offline task, invalidating auth token state")
+                    authManager?.setIsLastAuthTokenValid(false)
+                }
+            }
+        }
 
         private func addPendingTask(taskId: String) -> Pending<SendRequestValue, SendRequestError> {
             let result = Fulfill<SendRequestValue, SendRequestError>()
@@ -501,6 +519,7 @@ struct OfflineRequestProcessor: RequestProcessorProtocol {
         }
 
         private let notificationCenter: NotificationCenterProtocol
+        private weak var authManager: IterableAuthManagerProtocol?
         private var pendingTasksMap = [String: Fulfill<SendRequestValue, SendRequestError>]()
         private var pendingTasksQueue = DispatchQueue(label: "pendingTasks")
     }

swift-sdk/SDK/IterableAPI.swift

@@ -33,6 +33,13 @@ import UIKit
             implementation?.authToken
         }
     }
+
+    /// The current validity state of the auth token as determined by the SDK
+    public static var lastAuthTokenState: AuthTokenValidityState {
+        get {
+            implementation?.lastAuthTokenState ?? .unknown
+        }
+    }
 
     /// The `userInfo` dictionary which came with last push
     public static var lastPushPayload: [AnyHashable: Any]? {

tests/business-critical-integration/integration-test-app/IterableSDK-Integration-Tester/App/OfflineRetry/OfflineRetryTestViewController.swift

@@ -717,12 +717,32 @@ final class OfflineRetryTestViewController: UIViewController {
             token = IterableAPI.authToken
         }
         let remaining = JwtHelper.remainingLabel(token: token)
-        if remaining == "Expired" || remaining == "No Token" {
-            authStatusLabel.text = remaining
+
+        // Use SDK's auth validity state instead of just JWT expiry
+        let sdkState = IterableAPI.lastAuthTokenState
+        switch sdkState {
+        case .valid:
+            if remaining == "Expired" || remaining == "No Token" {
+                authStatusLabel.text = remaining
+                authStatusLabel.textColor = .systemRed
+            } else {
+                authStatusLabel.text = "Valid (\(remaining))"
+                authStatusLabel.textColor = .systemGreen
+            }
+        case .invalid:
+            authStatusLabel.text = "Invalid (\(remaining))"
             authStatusLabel.textColor = .systemRed
-        } else {
-            authStatusLabel.text = "Valid (\(remaining))"
-            authStatusLabel.textColor = .systemGreen
+        case .unknown:
+            if remaining == "Expired" || remaining == "No Token" {
+                authStatusLabel.text = remaining
+                authStatusLabel.textColor = .systemRed
+            } else {
+                authStatusLabel.text = "Unknown (\(remaining))"
+                authStatusLabel.textColor = .systemOrange
+            }
+        @unknown default:
+            authStatusLabel.text = remaining
+            authStatusLabel.textColor = .systemGray
         }
     }
 

tests/common/MockAuthManager.swift

@@ -54,6 +54,10 @@ class MockAuthManager: IterableAuthManagerProtocol {
     func setIsLastAuthTokenValid(_ isValid: Bool) {
         isLastAuthTokenValid = isValid
     }
+
+    func getLastAuthTokenState() -> AuthTokenValidityState {
+        return isLastAuthTokenValid ? .valid : .invalid
+    }
 
     func getNextRetryInterval() -> Double {
         getNextRetryIntervalCalled = true