[bug][collab] Uncaught jwtDecode(undefined) on collab auth failure; editor never reconnects #123

Closed
opened 2026-06-22 06:27:45 +03:00 by Ghost · 0 comments

Severity: high

When the collab token is missing/empty (e.g. the collab-token request 429s — see the throttle issue — or any auth failure), the editor throws an uncaught error and never recovers.

Where: apps/client/src/features/editor/page-editor.tsx:170 — inside onAuthenticationFailedHandler:

```js
const payload = jwtDecode(collabQuery?.token); // throws if token is undefined
```

jwtDecode(undefined) throws Invalid token specified: must be a string. Additionally the handler only refetches a fresh token when the existing one is expired, so a 429/missing-token failure is never retried → collab stays unauthenticated with no recovery path.

Repro: open a page while collab-token is failing (429). Console shows PAGEERROR: Invalid token specified: must be a string. Verified it fires only on collab auth failure (a clean 200 open produces no error), so it is downstream of the throttle bug but is a distinct defect.

Suggested fix: guard the decode (if (!token) { refetch + reconnect; return }), wrap in try/catch, read the latest token from a ref (the handler closes over a possibly-stale collabQuery), and refetch+reconnect on any auth failure, not only on expiry.


Filed from an automated full-product QA pass on develop @ v0.93.0-64-gb60190ff, fresh DB. Each item below was reproduced live in a clean browser session unless noted.
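A sketch of the suggested fix, added here as an illustration and not taken from the project's code: classification of the failure never throws, the token is read from a ref, and a refetch plus reconnect is attempted on any auth failure. The names `tokenRef`, `refetchToken`, `reconnect` and `maxAttempts` are hypothetical, the retry cap is an assumption, and `decodePayload` is a dependency-free stand-in for `jwtDecode`.

```javascript
// Added example. tokenRef, refetchToken, reconnect and maxAttempts are hypothetical names.

// Stand-in for jwt-decode: reads the payload only, does NOT verify the signature.
function decodePayload(token) {
  if (typeof token !== "string") throw new Error("Invalid token specified: must be a string");
  const part = token.split(".")[1];
  if (!part) throw new Error("Invalid token specified: missing part #2");
  return JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
}

// Never throws: every bad input maps to a reason the handler can act on.
function classifyAuthFailure(token, nowMs = Date.now()) {
  if (!token) return "missing";
  try {
    const { exp } = decodePayload(token);
    return typeof exp === "number" && exp * 1000 <= nowMs ? "expired" : "rejected";
  } catch {
    return "malformed";
  }
}

function makeAuthFailureHandler({ tokenRef, refetchToken, reconnect, maxAttempts = 3 }) {
  let attempts = 0; // cap (an assumption) so a throttled endpoint is not hammered
  return async function onAuthenticationFailed() {
    const reason = classifyAuthFailure(tokenRef.current); // latest token, not a stale closure
    if (attempts >= maxAttempts) return { reason, recovered: false };
    attempts += 1;
    try {
      const fresh = await refetchToken(); // on ANY auth failure, not only expiry
      if (!fresh) return { reason, recovered: false };
      tokenRef.current = fresh;
      reconnect(fresh);
      return { reason, recovered: true };
    } catch {
      return { reason, recovered: false }; // e.g. the token request is still 429
    }
  };
}

// Constructed, unsigned sample token for trying the handler out.
const sampleToken = (claims) =>
  `e30.${Buffer.from(JSON.stringify(claims)).toString("base64url")}.sig`;
```

The attempt counter is per handler instance and is not reset here; a caller would reset it once the provider reports a successful authentication.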


Reference: vvzvlad/gitmost#123