Secure token request helper swallows API errors and hides auth/cookie failures #1141
Description
Summary
tokenRequestHandler logs errors but does not rethrow them, causing failed secure token requests to silently resolve as undefined.
Affected Code
packages/auth/src/utils/tokenRequestHandler.ts:25packages/auth/src/utils/tokenRequestHandler.ts:26
Problem
In the catch block, errors are only logged:
- no rethrow
- no explicit failure result
This makes callers treat real request failures as missing token/null-like outcomes.
Impact
- Silent auth/cookie failures
- Hard-to-debug secure login behavior
- Error handling paths are bypassed because promise rejection never occurs
Reproduction
- Use secure auth mode.
- Cause
/auth-tokenrequest to fail (network failure / non-2xx). - Observe
tokenRequestHandlerreturnsundefinedinstead of rejecting. - Caller falls back as if no token was present.
Expected
Request failure should reject so callers can handle true error conditions.
Actual
Failure is swallowed and converted into implicit undefined.
Proposed Fix
Rethrow after logging in tokenRequestHandler (or return a typed error result), so callers can reliably distinguish failure from missing token cases.