Skip to content

Unity SDK: MicroserviceClientHelper.Request throws NRE instead of an actionable error when AccessToken is null #4740

Description

@mhijaziB

Problem

MicroserviceClientHelper.Request<T> builds the request URL by dereferencing the requester's token with no null guard:

  • client/Packages/com.beamable/Runtime/Server/MicroserviceClient.cs (Dictionary overload, ~lines 395-403 on main):
if (!(beamableRequester is IRequester requester)) { throw new NotSupportedException(...); }
var url = CreateUrl(requester.AccessToken.Cid, requester.AccessToken.Pid, serviceName, endpoint);

If a generated microservice client is invoked while the BeamContext has no access token - mid login, mid account switch, before OnReady - requester.AccessToken is null and the call dies with a bare NullReferenceException. A null requester is caught with a meaningful NotSupportedException; a null token is not. The string[] overload (~line 371) has the same shape.

Real-world impact

Surfaced in a customer case (Koin, SDK 5.0.1; internal case note case_notes/Koin/2026-07-06_Koin_steam-federated-first-claim-new-user.md, HubSpot 46661930868). On a brand-new Steam account's very first boot, the game's post-login chain called a generated client while the context was mid-token-transition and got:

[PostLoginState] Post-login failed. System.Exception: Stage 'Fetch Access Control' failed.
Failed to fetch access control. System.NullReferenceException: Object reference not set to an instance of an object
  at Beamable.Server.MicroserviceClientHelper.Request[T](...)
  in Library\PackageCache\com.beamable@5.0.1\...\MicroserviceClient.cs:208

The NRE gave the developer nothing to act on, so the broken post-login chain was retry-looped past for weeks; the incomplete post-login state then caused a downstream reward bug that took a multi-day support investigation to isolate. A clear error would have pointed at the login race on day one.

Proposed fix

Guard the token before CreateUrl in both Request<T> overloads and throw a typed, actionable exception, e.g. "Microservice client called before the BeamContext is authenticated - no access token available. Await BeamContext.OnReady (or ensure login has completed) before calling generated clients."

Repro sketch

  1. var ctx = BeamContext.Default; and call any generated microservice client method before login completes (or immediately after ClearToken/account switch).
  2. Observe NullReferenceException from MicroserviceClientHelper.Request instead of an authentication error.

Acceptance criteria

  • Calling a generated client with no access token produces a typed exception whose message names the missing-auth condition and the remedy.
  • Line reference verified against the current release branch (stack above is from the 5.0.1 package; on main the dereference sits in CreateUrl calls at both Request<T> overloads).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions