@webex/plugin-meetings 3.11.0-next.47 → 3.11.0-next.48

package/package.json

@@ -65,12 +65,12 @@
     "@webex/internal-media-core": "2.23.1",
     "@webex/internal-plugin-conversation": "3.11.0-next.11",
     "@webex/internal-plugin-device": "3.11.0-next.8",
-    "@webex/internal-plugin-llm": "3.11.0-next.11",
+    "@webex/internal-plugin-llm": "3.11.0-next.12",
     "@webex/internal-plugin-mercury": "3.11.0-next.10",
     "@webex/internal-plugin-metrics": "3.11.0-next.8",
     "@webex/internal-plugin-support": "3.11.0-next.11",
     "@webex/internal-plugin-user": "3.11.0-next.8",
-    "@webex/internal-plugin-voicea": "3.11.0-next.12",
+    "@webex/internal-plugin-voicea": "3.11.0-next.13",
     "@webex/media-helpers": "3.11.0-next.4",
     "@webex/plugin-people": "3.11.0-next.10",
     "@webex/plugin-rooms": "3.11.0-next.11",
@@ -84,6 +84,7 @@
     "global": "^4.4.0",
     "ip-anonymize": "^0.1.0",
     "javascript-state-machine": "^3.1.0",
+    "jose": "^5.8.0",
     "jwt-decode": "3.1.2",
     "lodash": "^4.17.21",
     "uuid": "^3.3.2",
@@ -93,5 +94,5 @@
   "//": [
     "TODO: upgrade jwt-decode when moving to node 18"
   ],
-  "version": "3.11.0-next.47"
+  "version": "3.11.0-next.48"
 }

package/src/interceptors/dataChannelAuthToken.ts

@@ -5,6 +5,7 @@
 import {Interceptor} from '@webex/http-core';
 import LoggerProxy from '../common/logs/logger-proxy';
 import {DATA_CHANNEL_AUTH_HEADER, MAX_RETRY, RETRY_INTERVAL, RETRY_KEY} from './constant';
+import {isJwtTokenExpired} from './utils';
 
 /*!
  * Copyright (c) 2015-2026 Cisco Systems, Inc. See LICENSE file.
@@ -69,6 +70,33 @@ export default class DataChannelAuthTokenInterceptor extends Interceptor {
     return key ? headers[key] : undefined;
   }
 
+  /**
+   * Intercepts outgoing requests and refreshes the Data-Channel-Auth-Token
+   * if the current JWT token is expired before the request is sent.
+   *
+   * @param {Object} options - The original request options.
+   * @returns {Promise<Object>} Updated request options with refreshed token if needed.
+   */
+  async onRequest(options) {
+    const token = this.getHeader(options.headers, DATA_CHANNEL_AUTH_HEADER);
+    const enabled = await this._isDataChannelTokenEnabled();
+
+    if (!token || !enabled) {
+      return options;
+    }
+
+    if (isJwtTokenExpired(token)) {
+      try {
+        const newToken = await this._refreshDataChannelToken();
+        options.headers[DATA_CHANNEL_AUTH_HEADER] = newToken;
+      } catch (e) {
+        LoggerProxy.logger.warn(`DataChannelAuthTokenInterceptor: refresh failed: ${e.message}`);
+      }
+    }
+
+    return options;
+  }
+
   /**
    * Intercept responses and, on 401/403 with `Data-Channel-Auth-Token` header,
    * attempt to refresh the data channel token and retry the original request once.

package/src/interceptors/utils.ts

@@ -0,0 +1,16 @@
+import * as jose from 'jose';
+
+const EXPIRY_BUFFER = 30 * 1000;
+
+// eslint-disable-next-line import/prefer-default-export
+export const isJwtTokenExpired = (token: string): boolean => {
+  try {
+    const payload = jose.decodeJwt(token);
+
+    if (!payload?.exp) return false;
+
+    return payload.exp * 1000 < Date.now() + EXPIRY_BUFFER;
+  } catch {
+    return true;
+  }
+};

package/src/meeting/index.ts

@@ -10317,12 +10317,12 @@ export default class Meeting extends StatelessWebexPlugin {
     } catch (e) {
       const msg = e?.message || String(e);
 
-      const err = Object.assign(new Error(`Failed to refresh data channel token: ${msg}`), {
-        statusCode: e?.statusCode,
-        original: e,
-      });
+      LoggerProxy.logger.warn(
+        `Meeting:index#refreshDataChannelToken --> DataChannel token refresh failed (likely locus changed or participant left): ${msg}`,
+        {statusCode: e?.statusCode}
+      );
 
-      throw err;
+      return null;
     }
   }
 

package/src/meeting/request.ts

@@ -1159,13 +1159,13 @@ export default class MeetingRequest extends StatelessWebexPlugin {
       method: HTTP_VERBS.GET,
       uri,
     }).catch((err) => {
-      LoggerProxy.logger.error(
-        `Meeting:request#fetchDatachannelToken --> Error retrieving ${
+      LoggerProxy.logger.warn(
+        `Meeting:request#fetchDatachannelToken --> Failed to retrieve ${
           isPracticeSession ? 'practice session ' : ''
-        }datachannel token, error ${err}`
+        }datachannel token: ${err?.message || err}`
       );
 
-      throw err;
+      return null;
     });
   }
 }

package/src/webinar/index.ts

@@ -177,6 +177,8 @@ const Webinar = WebexPlugin.extend({
 
     const finalToken = currentToken ?? practiceSessionDatachannelToken;
 
+    const isCaptionBoxOn = this.webex.internal.voicea.getIsCaptionBoxOn();
+
     if (!currentToken && practiceSessionDatachannelToken) {
       // @ts-ignore
       this.webex.internal.llm.setDatachannelToken(
@@ -219,6 +221,9 @@ const Webinar = WebexPlugin.extend({
         );
         // @ts-ignore - Fix type
         this.webex.internal.voicea?.announce?.();
+        if (isCaptionBoxOn) {
+          this.webex.internal.voicea.updateSubchannelSubscriptions({subscribe: ['transcription']});
+        }
         LoggerProxy.logger.info(
           `Webinar:index#updatePSDataChannel --> enabled to receive relay events for default session for ${LLM_PRACTICE_SESSION}!`
         );

package/test/unit/spec/interceptors/dataChannelAuthToken.ts

@@ -5,6 +5,7 @@ import MockWebex from '@webex/test-helper-mock-webex';
 import {WebexHttpError} from '@webex/webex-core';
 import DataChannelAuthTokenInterceptor from '@webex/plugin-meetings/src/interceptors/dataChannelAuthToken';
 import LoggerProxy from '@webex/plugin-meetings/src/common/logs/logger-proxy';
+import * as utils from '@webex/plugin-meetings/src/interceptors/utils';
 import {DATA_CHANNEL_AUTH_HEADER, MAX_RETRY} from '@webex/plugin-meetings/src/interceptors/constant';
 
 describe('plugin-meetings', () => {
@@ -14,6 +15,10 @@ describe('plugin-meetings', () => {
 
       beforeEach(() => {
         clock = sinon.useFakeTimers();
+        sinon.stub(LoggerProxy, 'logger').value({
+          error: sinon.stub(),
+          warn: sinon.stub(),
+        });
 
         webex = new MockWebex({children: {}});
         webex.request = sinon.stub().resolves({});
@@ -25,6 +30,7 @@ describe('plugin-meetings', () => {
       });
 
       afterEach(() => {
+        sinon.restore();
         clock.restore();
       });
 
@@ -86,6 +92,69 @@ describe('plugin-meetings', () => {
         });
       });
 
+      describe('#onRequest', () => {
+        let isJwtTokenExpiredStub;
+
+        beforeEach(() => {
+          isJwtTokenExpiredStub = sinon.stub(utils, 'isJwtTokenExpired').returns(false);
+        });
+
+        it('does nothing when token is missing', async () => {
+          const options = {headers: {}};
+
+          const res = await interceptor.onRequest(options);
+
+          expect(res).to.equal(options);
+          sinon.assert.notCalled(isJwtTokenExpiredStub);
+        });
+
+        it('does nothing when feature is disabled', async () => {
+          interceptor._isDataChannelTokenEnabled.resolves(false);
+
+          const options = {headers: {[DATA_CHANNEL_AUTH_HEADER]: 'old-token'}};
+          const res = await interceptor.onRequest(options);
+
+          expect(res).to.equal(options);
+          sinon.assert.notCalled(isJwtTokenExpiredStub);
+        });
+
+        it('does not refresh when token is not expired', async () => {
+          interceptor._isDataChannelTokenEnabled.resolves(true);
+          isJwtTokenExpiredStub.returns(false);
+
+          const options = {headers: {[DATA_CHANNEL_AUTH_HEADER]: 'old-token'}};
+          const res = await interceptor.onRequest(options);
+
+          sinon.assert.notCalled(interceptor._refreshDataChannelToken);
+          expect(res.headers[DATA_CHANNEL_AUTH_HEADER]).to.equal('old-token');
+        });
+
+        it('refreshes token when expired', async () => {
+          interceptor._isDataChannelTokenEnabled.resolves(true);
+          isJwtTokenExpiredStub.returns(true);
+
+          interceptor._refreshDataChannelToken.resolves('new-token');
+
+          const options = {headers: {[DATA_CHANNEL_AUTH_HEADER]: 'old-token'}};
+          const res = await interceptor.onRequest(options);
+
+          sinon.assert.calledOnce(interceptor._refreshDataChannelToken);
+          expect(res.headers[DATA_CHANNEL_AUTH_HEADER]).to.equal('new-token');
+        });
+
+        it('continues request when refresh fails', async () => {
+          interceptor._isDataChannelTokenEnabled.resolves(true);
+          isJwtTokenExpiredStub.returns(true);
+
+          interceptor._refreshDataChannelToken.rejects(new Error('refresh failed'));
+
+          const options = {headers: {[DATA_CHANNEL_AUTH_HEADER]: 'old-token'}};
+          const res = await interceptor.onRequest(options);
+
+          expect(res.headers[DATA_CHANNEL_AUTH_HEADER]).to.equal('old-token');
+        });
+      });
+
       describe('#refreshTokenAndRetryWithDelay', () => {
         const options = {
           headers: {[DATA_CHANNEL_AUTH_HEADER]: 'old-token'},

package/test/unit/spec/interceptors/utils.ts

@@ -0,0 +1,75 @@
+import 'jsdom-global/register';
+import {expect} from '@webex/test-helper-chai';
+import sinon from 'sinon';
+import {isJwtTokenExpired} from '@webex/plugin-meetings/src/interceptors/utils';
+
+const makeJwt = (payload) =>
+  [
+    Buffer.from(JSON.stringify({alg: 'none', typ: 'JWT'})).toString('base64url'),
+    Buffer.from(JSON.stringify(payload)).toString('base64url'),
+    ''
+  ].join('.');
+
+describe('plugin-meetings', () => {
+  describe('Interceptors', () => {
+    describe('utils - isJwtTokenExpired', () => {
+      let clock;
+
+      beforeEach(() => {
+        clock = sinon.useFakeTimers();
+      });
+
+      afterEach(() => {
+        sinon.restore();
+        clock.restore();
+      });
+
+      it('returns false when token has no exp', () => {
+        const token = makeJwt({}); // no exp
+
+        const result = isJwtTokenExpired(token);
+
+        expect(result).to.equal(false);
+      });
+
+      it('returns false when token is not expired', () => {
+        const now = Date.now();
+        const futureExp = Math.floor((now + 60 * 1000) / 1000);
+
+        const token = makeJwt({exp: futureExp});
+
+        const result = isJwtTokenExpired(token);
+
+        expect(result).to.equal(false);
+      });
+
+      it('returns true when token is expired', () => {
+        const now = Date.now();
+        const pastExp = Math.floor((now - 60 * 1000) / 1000);
+
+        const token = makeJwt({exp: pastExp});
+
+        const result = isJwtTokenExpired(token);
+
+        expect(result).to.equal(true);
+      });
+
+      it('returns true when token expires within EXPIRY_BUFFER', () => {
+        const now = Date.now();
+        const expSoon = Math.floor((now + 10 * 1000) / 1000);
+
+        const token = makeJwt({exp: expSoon});
+
+        const result = isJwtTokenExpired(token);
+
+        expect(result).to.equal(true);
+      });
+
+      it('returns true when token is invalid', () => {
+        const result = isJwtTokenExpired('not-a-jwt');
+
+        expect(result).to.equal(true);
+      });
+    });
+  });
+});

package/test/unit/spec/meeting/index.js

@@ -13029,7 +13029,7 @@ describe('plugin-meetings', () => {
             'a datachannel url',
             'token-123'
           );
-          assert.calledWithExactly(webex.internal.llm.setDatachannelToken, 'token-123', 'default');
+          assert.calledWithExactly(webex.internal.llm.setDatachannelToken, 'token-123', 'llm-default-session');
         });
         it('prefers refreshed token over locus self token', async () => {
           meeting.joinedWith = {state: 'JOINED'};
@@ -13039,7 +13039,7 @@ describe('plugin-meetings', () => {
             self: {datachannelToken: 'locus-token'},
           };
 
-          webex.internal.llm.getDatachannelToken.withArgs('default').returns('refreshed-token');
+          webex.internal.llm.getDatachannelToken.withArgs('llm-default-session').returns('refreshed-token');
 
           await meeting.updateLLMConnection();
 
@@ -13072,7 +13072,7 @@ describe('plugin-meetings', () => {
             'a datachannel url',
             'token-123'
           );
-          assert.calledWithExactly(webex.internal.llm.setDatachannelToken, 'token-123', 'default');
+          assert.calledWithExactly(webex.internal.llm.setDatachannelToken, 'token-123', 'llm-default-session');
         });
 
         describe('#clearMeetingData', () => {
@@ -14735,7 +14735,7 @@ describe('plugin-meetings', () => {
           expect(result).to.deep.equal({
             body: {
               datachannelToken: 'mock-token',
-              dataChannelTokenType: 'practiceSession',
+              dataChannelTokenType: 'llm-practice-session',
             },
           });
         });
@@ -14748,7 +14748,7 @@ describe('plugin-meetings', () => {
 
           const result = meeting.getDataChannelTokenType();
 
-          expect(result).to.equal('practiceSession');
+          expect(result).to.equal('llm-practice-session');
         });
 
         it('returns Default when not in practice session mode', () => {
@@ -14758,7 +14758,7 @@ describe('plugin-meetings', () => {
 
           const result = meeting.getDataChannelTokenType();
 
-          expect(result).to.equal('default');
+          expect(result).to.equal('llm-default-session');
         });
       });
       describe('#stopKeepAlive', () => {

package/test/unit/spec/meeting/request.js

@@ -924,7 +924,14 @@ describe('plugin-meetings', () => {
     const locusUrl = 'https://locus.example.com/locus/api/v1/loci/123';
     const participantId = 'participant-123';
 
+    beforeEach(() => {
+      sinon.restore();
+      locusDeltaRequestSpy = sinon.stub(meetingsRequest, 'locusDeltaRequest');
+    });
+
     it('sends GET request to regular datachannel token endpoint', async () => {
+      locusDeltaRequestSpy.resolves({body: {}});
+
       await meetingsRequest.fetchDatachannelToken({
         locusUrl,
         requestingParticipantId: participantId,
@@ -938,6 +945,8 @@ describe('plugin-meetings', () => {
     });
 
     it('sends GET request to practice session datachannel token endpoint', async () => {
+      locusDeltaRequestSpy.resolves({body: {}});
+
       await meetingsRequest.fetchDatachannelToken({
         locusUrl,
         requestingParticipantId: participantId,
@@ -950,7 +959,7 @@ describe('plugin-meetings', () => {
       });
     });
 
-    it('throws if locusUrl or participantId is missing', async () => {
+    it('rejects when locusUrl or participantId is missing', async () => {
       await assert.isRejected(
         meetingsRequest.fetchDatachannelToken({
           locusUrl: null,
@@ -968,18 +977,15 @@ describe('plugin-meetings', () => {
       );
     });
 
-    it('logs and rethrows error when locusDeltaRequest fails', async () => {
-      const error = new Error('network error');
-      locusDeltaRequestSpy.restore();
-      sinon.stub(meetingsRequest, 'locusDeltaRequest').rejects(error);
+    it('returns null when locusDeltaRequest fails', async () => {
+      locusDeltaRequestSpy.rejects(new Error('network error'));
 
-      await assert.isRejected(
-        meetingsRequest.fetchDatachannelToken({
-          locusUrl,
-          requestingParticipantId: participantId,
-        }),
-        /network error/
-      );
+      const result = await meetingsRequest.fetchDatachannelToken({
+        locusUrl,
+        requestingParticipantId: participantId,
+      });
+
+      assert.equal(result, null);
     });
   });
 });

package/test/unit/spec/webinar/index.ts

@@ -233,6 +233,8 @@ describe('plugin-meetings', () => {
         // Ensure connect path is eligible
         webinar.selfIsPanelist = true;
         webinar.practiceSessionEnabled = true;
+        webex.internal.voicea.getIsCaptionBoxOn = sinon.stub().returns(false);
+        webex.internal.voicea.updateSubchannelSubscriptions = sinon.stub();
       });
 
       it('no-ops when practice session join eligibility is false', async () => {
@@ -342,6 +344,22 @@ describe('plugin-meetings', () => {
           processRelayEvent
         );
       });
+
+      it('subscribes to transcription when caption intent is enabled', async () => {
+        webex.internal.voicea.getIsCaptionBoxOn = sinon.stub().returns(true);
+
+        await webinar.updatePSDataChannel();
+
+        assert.calledOnceWithExactly(webex.internal.voicea.updateSubchannelSubscriptions, { subscribe: ['transcription'] });
+      });
+
+      it('does not subscribe to transcription when caption intent is disabled', async () => {
+        webex.internal.voicea.getIsCaptionBoxOn = sinon.stub().returns(false);
+
+        await webinar.updatePSDataChannel();
+
+        assert.notCalled(webex.internal.voicea.updateSubchannelSubscriptions);
+      });
       });
 
       describe('#updateStatusByRole', () => {