bitwarden · david-livefront · Jun 24, 2026 · Jun 24, 2026
@@ -47,12 +47,11 @@ internal class AuthTokenManager(
             // If the same request keeps failing, let's just let the 401 pass through.
             return null
         }
-        val accessToken = requireNotNull(
-            response
-                .request
-                .header(name = HEADER_KEY_AUTHORIZATION)
-                ?.substringAfter(delimiter = HEADER_VALUE_BEARER_PREFIX),
-        )
+        val accessToken = response
+            .request
+            .header(name = HEADER_KEY_AUTHORIZATION)
+            ?.substringAfter(delimiter = HEADER_VALUE_BEARER_PREFIX)
+            ?: return null
         return when (val userId = parseJwtTokenDataOrNull(accessToken)?.userId) {
             null -> {
                 // We are unable to get the user ID, let's just let the 401 pass through.

@@ -109,6 +109,15 @@ class AuthTokenManagerTest {
             }
         }
 
+        @Test
+        fun `returns null when no token is available`() {
+            assertNull(authTokenManager.authenticate(null, RESPONSE_401_NO_TOKEN))
+
+            verify(exactly = 0) {
+                refreshTokenProvider.refreshAccessTokenSynchronously(any())
+            }
+        }
+
         @Test
         fun `returns null when refresh is failure`() {
             every { parseJwtTokenDataOrNull(JWT_ACCESS_TOKEN) } returns JTW_TOKEN
@@ -307,6 +316,17 @@ private val JTW_TOKEN = JwtTokenDataJson(
 
 private const val JWT_ACCESS_TOKEN = "jwt"
 
+private val RESPONSE_401_NO_TOKEN = Response.Builder()
+    .code(401)
+    .request(
+        request = Request.Builder()
+            .url("https://www.bitwarden.com")
+            .build(),
+    )
+    .protocol(Protocol.HTTP_2)
+    .message("Unauthenticated")
+    .build()
+
 private val RESPONSE_401 = Response.Builder()
     .code(401)
     .request(