fix: refreshAuth does a GET request

cristiand391 · cristiand391 · commit 2d22d1457e10 · 2025-11-20T13:37:44.000-03:00
We do need the repsonse body for jsforce to tell when it shouldn't retry refreshing the session
diff --git a/src/org/connection.ts b/src/org/connection.ts
@@ -415,7 +415,7 @@ export class Connection<S extends Schema = Schema> extends JSForceConnection<S>
   }
 
   /**
-   * Executes a HEAD request on the baseUrl to force an auth refresh.
+   * Executes a GET request on the baseUrl to force an auth refresh.
    * This is useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes.
    *
    * This method issues a request using the current access token to check if it is still valid.
@@ -427,7 +427,13 @@ export class Connection<S extends Schema = Schema> extends JSForceConnection<S>
     this.logger.debug('Refreshing auth for org.');
     const requestInfo: HttpRequest = {
       url: this.baseUrl(),
-      method: 'HEAD',
+      /**
+       * IMPORTANT:
+       * We do a GET request instead of a HEAD to get the response body.
+       *
+       * jsforce relies on the res status code AND body to be able to stop retrying on known invalid scenarios (e.g. API access restricted to a specific CA/ECA)
+       */
+      method: 'GET',
     };
     await this.request(requestInfo);
   }
diff --git a/src/org/org.ts b/src/org/org.ts
@@ -997,21 +997,16 @@ export class Org extends AsyncOptionalCreatable<Org.Options> {
   }
 
   /**
-   * Executes a HEAD request on the baseUrl to force an auth refresh.
+   * Executes a GET request on the baseUrl to force an auth refresh.
    * This is useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes.
    *
    * This method issues a request using the current access token to check if it is still valid.
    * If the request returns 200, no refresh happens, and we keep the token.
    * If it returns 401, jsforce will request a new token and set it in the connection instance.
    */
-  public async refreshAuth(): Promise<void> {
-    this.logger.debug('Refreshing auth for org.');
-    const requestInfo: HttpRequest = {
-      url: this.getConnection().baseUrl(),
-      method: 'HEAD',
-    };
 
-    await this.getConnection().request(requestInfo);
+  public async refreshAuth(): Promise<ReturnType<Connection['refreshAuth']>> {
+    await this.getConnection().refreshAuth();
   }
 
   /**
diff --git a/test/unit/org/org.test.ts b/test/unit/org/org.test.ts
@@ -945,10 +945,15 @@ describe('Org Tests', () => {
 
   describe('refresh auth', () => {
     let url: string;
+    type RequestInfo = { method: string } & AnyJson;
+
     beforeEach(() => {
-      $$.fakeConnectionRequest = (requestInfo: AnyJson): Promise<AnyJson> => {
-        url = ensureString(ensureJsonMap(requestInfo).url);
-        return Promise.resolve({});
+      $$.fakeConnectionRequest = (requestInfo: RequestInfo): Promise<AnyJson> => {
+        if (requestInfo.method === 'GET') {
+          url = ensureString(ensureJsonMap(requestInfo).url);
+          return Promise.resolve({});
+        }
+        throw new Error('refreshAuth should always a GET request to get the response body');
       };
     });
     it('should request an refresh token', async () => {
