Add token update hook for auth token persistence#185
Merged
Conversation
Tesla recently started requiring the `vehicle_location` scope for the `/vehicle_data` endpoint. Without this scope, calls like `getAllData(vehicle)` fail with HTTP 403 (Forbidden). This PR adds `.vehicleLocation = "vehicle_location"` to the `TeslaAPI.Scope` enum so developers can request the proper scope when initializing the Fleet API client.
Patch Add support for `vehicle_location` Fleet API scope
houndci-bot
reviewed
May 1, 2026
| } catch let error { | ||
| if case let TeslaError.networkError(error: internalError) = error { | ||
| if internalError.code == 302 || internalError.code == 403 { | ||
| //Handle redirection for tesla.cn |
There was a problem hiding this comment.
Comment Spacing Violation: Prefer at least one space after slashes for comments. (comment_spacing)
jonasman
approved these changes
Jun 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
It improves refresh token / re-login handling in two areas:
This adds a central callback so apps can persist newly issued auth tokens, including rotated refresh tokens, immediately after authentication or token refresh.
Changes:
public var onTokenUpdate: ((AuthToken?) -> Void)?updateToken(_:)helperWhy:
Tesla refresh tokens can rotate during
refreshToken(). Without a central callback, apps may miss persisting the newly issued refresh token and can end up reusing an invalidated one on the next launch.This also addresses refresh races when multiple API requests happen at the same time.
Problems:
refreshToken()calls for the same expired tokenChanges:
private var refreshTask: Task<AuthToken, Error>?clearTokenIfUnchanged(refreshToken:)login_requiredresponse pathWhy:
Tesla refresh tokens can rotate. In apps that trigger several requests at startup or on screen load, parallel refresh attempts can race:
This should make refresh behavior more robust by: