feat: add support for handling Retry-After header

[SoulPancake]

Description

For #208

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• New Features

  • Added support for Retry-After headers to control retry timing on rate-limited or server errors.
  • Improved retry logic with exponential backoff for network failures and retryable errors, with sensible maximum delays.

• Documentation

  • Updated changelog to note Retry-After handling.

• Tests

  • Expanded test coverage for Retry-After scenarios and exponential backoff on 5xx errors.
  • Enhanced test utilities to allow specifying response headers in mocks.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title precisely describes the primary feature addition—support for handling the Retry-After header—using concise and clear wording that matches the main change in the pull request.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 90.16393% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.60%. Comparing base (3fe33ac) to head (fe93804).

Files with missing lines	Patch %	Lines
common.ts	90.16%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #267      +/-   ##
==========================================
+ Coverage   88.43%   88.60%   +0.17%     
==========================================
  Files          23       23              
  Lines        1219     1264      +45     
  Branches      198      233      +35     
==========================================
+ Hits         1078     1120      +42     
- Misses         85       87       +2     
- Partials       56       57       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[SoulPancake]

This is generated using the existing sdk-generator PR openfga/sdk-generator#504

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (5)

common.ts (5)

145-147: Allow Retry-After: 0 and handle small negative skew

RFC allows Retry-After of 0 (immediate retry). Also clamp small negative delays due to clock skew to 0.

Apply this diff:

-function isValidRetryDelay(delayMs: number): boolean {
-  return delayMs > 0 && delayMs <= 1800 * 1000;
-}
+function isValidRetryDelay(delayMs: number): boolean {
+  return delayMs >= 0 && delayMs <= 1800 * 1000;
+}

-    const dateValue = new Date(retryAfterValue);
-    const now = new Date();
-    const delayMs = dateValue.getTime() - now.getTime();
+    const dateValue = new Date(retryAfterValue);
+    const now = new Date();
+    const delayMs = Math.max(0, dateValue.getTime() - now.getTime());
 
-    if (isValidRetryDelay(delayMs)) {
+    if (isValidRetryDelay(delayMs)) {
       return delayMs;
     }

Also applies to: 172-179

---

139-144: Avoid 0ms backoff when minWaitInMs is unset (burst risk)

With minWaitInMs=0, randomTime returns 0ms. Use a small floor to prevent tight loops.

Apply this diff:

-function randomTime(loopCount: number, minWaitInMs: number): number {
-  const min = Math.ceil(2 ** loopCount * minWaitInMs);
-  const max = Math.ceil(2 ** (loopCount + 1) * minWaitInMs);
+function randomTime(loopCount: number, minWaitInMs: number): number {
+  const base = Math.max(minWaitInMs, 50); // 50ms floor
+  const min = Math.ceil(2 ** loopCount * base);
+  const max = Math.ceil(2 ** (loopCount + 1) * base);
   const calculatedTime = Math.floor(Math.random() * (max - min) + min);
   return Math.min(calculatedTime, 120 * 1000);
 }

---

276-279: Default retry params can yield 0ms backoff

If configuration.retryParams is undefined and options omit retryParams, minWaitInMs becomes 0. Ensure sane defaults when maxRetry > 0.

Apply this diff:

-  const retryParams = axiosArgs.options?.retryParams ? axiosArgs.options?.retryParams : configuration.retryParams;
-  const maxRetry:number = retryParams ? retryParams.maxRetry : 0;
-  const minWaitInMs:number = retryParams ? retryParams.minWaitInMs : 0;
+  const retryParams = axiosArgs.options?.retryParams ?? configuration.retryParams;
+  const maxRetry: number = retryParams?.maxRetry ?? 0;
+  const minWaitInMs: number = maxRetry > 0 ? Math.max(50, retryParams?.minWaitInMs ?? 200) : 0;

---

230-266: Optional: include 408 (Request Timeout) in retryable statuses

408 is commonly safe to retry with backoff.

Apply this diff:

-      } else if (status === 429 || (status >= 500 && status !== 501)) {
+      } else if (status === 408 || status === 429 || (status >= 500 && status !== 501)) {

---

200-201: Optional: narrow return type (never returns undefined after fixes)

Control flow always returns a WrappedAxiosResponse or throws. Simplify the signature.

Apply this diff:

-): Promise<WrappedAxiosResponse<R> | undefined> {
+): Promise<WrappedAxiosResponse<R>> {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a61ccf6 and 7f24c99.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• CHANGELOG.md (1 hunks)
• common.ts (7 hunks)
• tests/helpers/nocks.ts (1 hunks)
• tests/index.test.ts (9 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

tests/index.test.ts (3)

tests/helpers/default-config.ts (2)

• OPENFGA_API_TOKEN_ISSUER (20-20)
• baseConfig (54-67)

configuration.ts (1)

• GetDefaultRetryParams (48-53)

api.ts (1)

• OpenFgaApi (1284-1508)

common.ts (2)

base.ts (1)

• RequestArgs (29-32)

errors.ts (5)

• FgaError (27-40)
• FgaApiValidationError (120-134)
• FgaApiNotFoundError (142-155)
• FgaApiRateLimitExceededError (165-179)
• FgaApiInternalError (187-203)

🔇 Additional comments (1)

common.ts (1)

250-263: Good: honors Retry-After header with sensible fallback

Parsing Retry-After and falling back to capped exponential backoff is correct and improves resilience.

Consider adding tests for:

• Retry-After: "0", very large value (clamped), HTTP-date in past (treated as 0), invalid string (fallback to backoff).
• Network error retry path.

[rhamzeh]

Can you check what's happening with the spaces?

Also can you add tests for:

1. errors on token exchange
2. invalid or missing retry-after header
3. retry after header with time > max time
4. retry after header with 0 time
5. No retries for 501 errors

[rhamzeh]

These spacing changes are weird - did you run npm run lint:fix?

In a separate PR, we should take another look at our lint and prettier configs and make sure to enforce it at the CI level.

[SoulPancake]

Oops, I think my IDE did the spaces, I had them hidden so didn't catch them, I will fix those

[rhamzeh]

Can we change this a bit?

Can we have a helper function to decide whether to retry, e.g.

checkIfRetryableError, and that checks on what the type is and how many iterations have passed.

That way here all we have to do is:

isRetryable?
yes => retry
no => throw appropriate error

might make this a bit easier to reason about

[SoulPancake]

agreed, will address

[rhamzeh]

Suggested change

	return delayMs > 0 && delayMs <= 1800 * 1000;
	return delayMs >= 1_000 && delayMs <= 1800 * 1000;

Retry-After enforces >= 1 sec.

Can you move the numbers to named variables or add comments indicating what the intention behind them is? Someone revisiting this later will have a hard time understanding why we have 1000 * 1000

[rhamzeh]

Suggested change

	if (retryDelayMs === undefined) {
	if (!retryDelayMs) {