> For a complete index of all SignalWire documentation pages, fetch https://signalwire.com/docs/llms.txt

# CredentialRefreshFallbackWarning

> Emitted when the SDK falls back to the developer-provided refresh.

Emitted when the SDK falls back to the developer-provided
[`CredentialProvider.refresh`](/docs/browser-sdk/v4/reference/interfaces/credential-provider)
because the Client Bound SAT path could not take over.

Common causes:

* The minted SAT lacks `sat:refresh` scope (`reason: 'no-scope'`).
* The `/devices/token` exchange failed transiently (`reason: 'endpoint-failed'`; see [`DeviceTokenError`](/docs/browser-sdk/v4/reference/errors/device-token-error)).

Subscribe via [`client.warnings$`](/docs/browser-sdk/v4/reference/signalwire/warnings\$) to detect:

* SDKs running with plain SATs that rely on developer-managed refresh
* Deployments expected to use bound tokens that silently downgraded to bearer
  (a security-relevant signal for fleet observability)

## **Properties**

Discriminant identifying this warning.

The SDK subsystem that emitted the warning.

Why the fallback occurred. See [`CredentialRefreshFallbackReason`](/docs/browser-sdk/v4/reference/type-aliases/credential-refresh-fallback-reason).

Human-readable description of the fallback.