Description
We have enabled token refresh. When opening the app, we do a request to our userinfo endpoint to get some information from the user.
If the user hasn't been on our page for a while, the token refresh kicks in right away and gets a new token right away. This works fine, but it may be faster than the request to the /userinfo endpoint, which then fails due to an invalid access token (as the refresh invalidated the old access token).
To Reproduce
Steps to reproduce the behavior:
- Create an app that requests anything from an endpoint in the APP_INITIALIZER
- Enable silent_refresh and set the factor to a very low value, so that you always hit the token refresh when you open the app (otherwise you would need to wait until the token needs to be refreshed...)
- Load the page a few times and you will hit a 401 from the API
Expected behavior
While a token refresh is in progress, it should hold back requests.
Desktop (please complete the following information):
- OS: Windows
- Browser: All (Chrome, Firefox, Safari, ...)
- Version: Latest
Additional context
I've already included the changes from the following PR: #1423
This may be related to the configuration of the authentication server. Zitadel, for example, immediately invalidates tokens when you get a new one; others may not, and in that case this would not be a problem!
Overall: Is this library still maintained? I'm a bit surprised to see bugs like this or the one fixed by the PR mentioned above in a library as popular as this.
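The race and the behaviour requested under "Expected behavior", as an added example that is not code from this issue or from the library. `makeServer`, `RefreshGate` and both `race…` functions are hypothetical names, and the authorization server is a constructed stand-in that uses timers to model a refresh that completes before the /userinfo request is validated.

```javascript
// Constructed stand-in: the old token is invalidated as soon as a new one is issued.
function makeServer() {
  let valid = 'token-1', n = 1;
  return {
    // Token endpoint: rotates the token after a simulated 10 ms round trip.
    refresh: () => new Promise((resolve) => setTimeout(() => {
      valid = `token-${++n}`;
      resolve(valid);
    }, 10)),
    // /userinfo: the token is checked when the request arrives, 30 ms later.
    userinfo: (token) => new Promise((resolve) => setTimeout(
      () => resolve(token === valid ? 200 : 401), 30)),
  };
}

// Hypothetical gate: requests ask it for the token instead of reading storage.
class RefreshGate {
  constructor(initialToken, refreshFn) {
    this.token = initialToken;
    this.refreshFn = refreshFn;
    this.inFlight = null; // promise of the refresh currently running, if any
  }
  // Start a refresh, or join the one already running (single-flight).
  refresh() {
    if (!this.inFlight) {
      this.inFlight = this.refreshFn()
        .then((t) => (this.token = t))
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }
  // Wait for a running refresh; if it failed, fall back to the stored token.
  async currentToken() {
    if (this.inFlight) await this.inFlight.catch(() => {});
    return this.token;
  }
}

// Ungated: the request goes out with token-1 while the refresh rotates it.
async function raceWithoutGate() {
  const server = makeServer();
  return (await Promise.all([server.userinfo('token-1'), server.refresh()]))[0];
}
// Gated: the request waits for the refresh and is sent with token-2.
async function raceWithGate() {
  const server = makeServer();
  const gate = new RefreshGate('token-1', server.refresh);
  gate.refresh(); // silent refresh kicks in at app start
  return server.userinfo(await gate.currentToken());
}
```

The gate only helps requests issued after the refresh has started; a request already on the wire when the refresh begins still needs a retry on 401.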