openclaw - 💡(How to fix) Fix [Bug]: Feishu embedded agent returns HTTP 401 "Invalid token" to user instead of retrying with refreshed token [1 participants]

Feishu embedded agent returns raw HTTP 401 "Invalid token" error to user instead of retrying with refreshed token The embedded agent should detect the 401, trigger a token refresh, and retry the request. At minimum, it should not surface the raw HTTP error message to the end user. The 401 error is passed directly as the reply text to the Feishu user. Logs show the token refresh (config reload) occurs after the error has already been returned. The webchat session recovers after refresh, but the Feishu embedded agent continues to fail intermittently on subsequent requests. [agent/embedded] embedded run agent end: isError=true error=HTTP 401: "Invalid token"

Fix Plan

To address the issue of the Feishu embedded agent returning a raw HTTP 401 "Invalid token" error instead of retrying with a refreshed token, we need to implement a token refresh mechanism that triggers before the request is sent or immediately after a 401 error is encountered. Here are the steps:

• Modify the Token Refresh Logic: Ensure that the token refresh logic is triggered before sending a request or immediately after encountering a 401 error.
• Implement Retry Mechanism: Implement a retry mechanism that catches the 401 error, refreshes the token, and then retries the request.
• Handle Token Expiry: Anticipate token expiry by refreshing the token before it expires or when a 401 error is encountered.

Example Code Snippet

Here's a simplified example in Python of how you might implement a retry mechanism with token refresh:

import requests
import time

def refresh_token():
    # Logic to refresh the token
    # This is a placeholder, actual implementation depends on your token refresh API
    return "new_token"

def send_request(token, url, data):
    headers = {"Authorization": f"Bearer {token}"}
    response = requests.post(url, headers=headers, json=data)
    return response

def retry_with_refresh(token, url, data, max_retries=3):
    for attempt in range(max_retries):
        try:
            response = send_request(token, url, data)
            response.raise_for_status()  # Raise an exception for HTTP errors
            return response
        except requests.HTTPError as e:
            if e.response.status_code == 401:
                token = refresh_token()  # Refresh the token
                continue
            else:
                raise
    return None  # All retries failed

# Usage example
token = "your_initial_token"
url = "https://example.com/api/endpoint"
data = {"key": "value"}

response = retry_with_refresh(token, url, data)
if response:
    print("Request successful:", response.text)
else:
    print("All retries failed.")

Verification

To verify that the fix worked:

• Test the scenario that previously resulted in a 401 error being returned to the user.
• Verify that after encountering a 401 error, the request is retried with a refreshed token.
• Check logs to ensure that the token refresh and retry mechanism are working as expected.

Extra Tips

• Ensure that your token refresh logic is efficient and doesn't lead to unnecessary refreshes.
• Consider implementing a backoff strategy for retries to avoid overwhelming the server with requests.
• Always handle potential exceptions and errors that might occur during the token refresh and retry process.