feat: SubscriptionController: trigger token refresh (#6374)

## Explanation

Add a "triggerAuthTokenRefresh" method to the SubscriptionController,
which allows to trigger a refresh of the access token, for example,
after the subscription status has changed.

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/contributing.md#updating-changelogs),
highlighting breaking changes as necessary
- [ ] I've prepared draft pull requests for clients and consumer
packages to resolve any breaking changes

Author: matthiasgeihs

packages/subscription-controller/CHANGELOG.md

@@ -14,5 +14,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - `cancelSubscription`: Cancel user active subscription.
 - `startShieldSubscriptionWithCard`: start shield subscription via card (with trial option) ([#6300](https://github.com/MetaMask/core/pull/6300))
 - Add `getPricing` method ([#6356](https://github.com/MetaMask/core/pull/6356))
+- Added `triggerAccessTokenRefresh` to trigger an access token refresh ([#6374](https://github.com/MetaMask/core/pull/6374))
 
 [Unreleased]: https://github.com/MetaMask/core/

packages/subscription-controller/src/SubscriptionController.test.ts

@@ -60,7 +60,10 @@ function createCustomSubscriptionMessenger(props?: {
     AllowedEvents['type']
   >({
     name: controllerName,
-    allowedActions: ['AuthenticationController:getBearerToken'],
+    allowedActions: [
+      'AuthenticationController:getBearerToken',
+      'AuthenticationController:performSignOut',
+    ],
     allowedEvents: props?.overrideEvents ?? [
       'AuthenticationController:stateChange',
     ],
@@ -80,31 +83,26 @@ function createCustomSubscriptionMessenger(props?: {
  * @param overrideMessengers.messenger - messenger to override
  * @returns series of mocks to actions that can be called
  */
-function mockSubscriptionMessenger(overrideMessengers?: {
+function createMockSubscriptionMessenger(overrideMessengers?: {
   baseMessenger: Messenger<AllowedActions, AllowedEvents>;
   messenger: SubscriptionControllerMessenger;
 }) {
   const { baseMessenger, messenger } =
     overrideMessengers ?? createCustomSubscriptionMessenger();
 
+  const mockPerformSignOut = jest.fn();
+  baseMessenger.registerActionHandler(
+    'AuthenticationController:performSignOut',
+    mockPerformSignOut,
+  );
+
   return {
     baseMessenger,
     messenger,
+    mockPerformSignOut,
   };
 }
 
-/**
- * Creates a mock subscription messenger for testing.
- *
- * @returns The mock messenger and related mocks.
- */
-function createMockSubscriptionMessenger(): {
-  messenger: SubscriptionControllerMessenger;
-  baseMessenger: Messenger<AllowedActions, AllowedEvents>;
-} {
-  return mockSubscriptionMessenger();
-}
-
 /**
  * Creates a mock subscription service for testing.
  *
@@ -140,6 +138,7 @@ type WithControllerCallback<ReturnValue> = (params: {
   initialState: SubscriptionControllerState;
   messenger: SubscriptionControllerMessenger;
   mockService: ReturnType<typeof createMockSubscriptionService>['mockService'];
+  mockPerformSignOut: jest.Mock;
 }) => Promise<ReturnValue> | ReturnValue;
 
 type WithControllerOptions = Partial<SubscriptionControllerOptions>;
@@ -158,7 +157,7 @@ async function withController<ReturnValue>(
   ...args: WithControllerArgs<ReturnValue>
 ) {
   const [{ ...rest }, fn] = args.length === 2 ? args : [{}, args[0]];
-  const { messenger } = createMockSubscriptionMessenger();
+  const { messenger, mockPerformSignOut } = createMockSubscriptionMessenger();
   const { mockService } = createMockSubscriptionService();
 
   const controller = new SubscriptionController({
@@ -172,6 +171,7 @@ async function withController<ReturnValue>(
     initialState: controller.state,
     messenger,
     mockService,
+    mockPerformSignOut,
   });
 }
 
@@ -546,4 +546,14 @@ describe('SubscriptionController', () => {
       });
     });
   });
+
+  describe('triggerAuthTokenRefresh', () => {
+    it('should trigger auth token refresh', async () => {
+      await withController(async ({ controller, mockPerformSignOut }) => {
+        controller.triggerAccessTokenRefresh();
+
+        expect(mockPerformSignOut).toHaveBeenCalledWith();
+      });
+    });
+  });
 });

packages/subscription-controller/src/SubscriptionController.ts

@@ -54,7 +54,8 @@ export type SubscriptionControllerActions =
   | SubscriptionControllerGetStateAction;
 
 export type AllowedActions =
-  AuthenticationController.AuthenticationControllerGetBearerToken;
+  | AuthenticationController.AuthenticationControllerGetBearerToken
+  | AuthenticationController.AuthenticationControllerPerformSignOut;
 
 // Events
 export type SubscriptionControllerStateChangeEvent = ControllerStateChangeEvent<
@@ -214,12 +215,19 @@ export class SubscriptionController extends BaseController<
           : subscription,
       );
     });
+
+    this.triggerAccessTokenRefresh();
   }
 
   async startShieldSubscriptionWithCard(request: StartSubscriptionRequest) {
     this.#assertIsUserNotSubscribed({ products: request.products });
 
-    return await this.#subscriptionService.startSubscriptionWithCard(request);
+    const response =
+      await this.#subscriptionService.startSubscriptionWithCard(request);
+
+    this.triggerAccessTokenRefresh();
+
+    return response;
   }
 
   #assertIsUserNotSubscribed({ products }: { products: ProductType[] }) {
@@ -232,6 +240,16 @@ export class SubscriptionController extends BaseController<
     }
   }
 
+  /**
+   * Triggers an access token refresh.
+   */
+  triggerAccessTokenRefresh() {
+    // We perform a sign out to clear the access token from the authentication
+    // controller. Next time the access token is requested, a new access token
+    // will be fetched.
+    this.messagingSystem.call('AuthenticationController:performSignOut');
+  }
+
   #assertIsUserSubscribed(request: { subscriptionId: string }) {
     if (
       !this.state.subscriptions.find(