EntitiesInterfaces

CredentialRefreshFallbackWarning

View as MarkdownOpen in Claude

Emitted when the SDK falls back to the developer-provided CredentialProvider.refresh because the Client Bound SAT path could not take over.

Common causes:

  • The minted SAT lacks sat:refresh scope (reason: 'no-scope').
  • The /devices/token exchange failed transiently (reason: 'endpoint-failed'; see DeviceTokenError).

Subscribe via client.warnings$ to detect:

  • SDKs running with plain SATs that rely on developer-managed refresh
  • Deployments expected to use bound tokens that silently downgraded to bearer (a security-relevant signal for fleet observability)

Properties

code
"credential_refresh_fallback"Required

Discriminant identifying this warning.

source
"CredentialProvider"Required

The SDK subsystem that emitted the warning.

reason
CredentialRefreshFallbackReasonRequired

Why the fallback occurred. See CredentialRefreshFallbackReason.

message
stringRequired

Human-readable description of the fallback.