From 3634b9e2444015111925891444191829636b748e Mon Sep 17 00:00:00 2001
From: Markus Goetz <markus@woboq.com>
Date: Fri, 22 May 2026 17:39:14 +0200
Subject: [PATCH] ConnectionValidator: Surface 401 instead of Exception

For https://github.com/opencloud-eu/android/issues/172
---
 .../eu/opencloud/android/lib/common/ConnectionValidator.kt | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/ConnectionValidator.kt b/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/ConnectionValidator.kt
index 0d85064ad2..1448b8afd9 100644
--- a/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/ConnectionValidator.kt
+++ b/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/ConnectionValidator.kt
@@ -177,8 +177,11 @@ class ConnectionValidator(
      */
     private fun checkUnauthorizedAccess(client: OpenCloudClient, singleSessionManager: SingleSessionManager, status: Int): Boolean {
         var credentialsWereRefreshed = false
-        val account = client.account
-        val credentials = account.credentials
+        // During initial OAuth login the client has bearer credentials but no Android Account yet
+        // (the Account is persisted only after this call succeeds). Skip refresh — there's nothing
+        // to refresh against — otherwise we'd NPE on account.credentials / savedAccount below.
+        val account: OpenCloudAccount = client.account ?: return false
+        val credentials: OpenCloudCredentials = account.credentials ?: return false
         if (shouldInvalidateAccountCredentials(credentials, account, status)) {
             invalidateAccountCredentials(account, credentials)