(Task AB#1268089) | Defer token store unlock until token refresh response action occurs #168
Commits on Jan 24, 2024
-
Modify OAuth2 request middleware to delay token storage unlock until …
…after new token stored or old token deleted Currently the token store unlock occurs directly after the token refresh call completes, but prior to the new token being stored or the old token being deleted. In situations with a high volume of asynchronous calls occurring leading up to the token refresh flow initiating, a race condition can occur upon token store unlock whereby a subsequent token refresh call that was queued then immediately retrieves the previous refresh token from the unlocked token store before the new refresh token has had a chance to be written to the token store. The resulting token refresh API call attempt using a burnt/no longer valid refresh token results in a 400 level error (e.g. 'invalid_grant' ) from the OAuth2 identity server.
Commits on Jan 29, 2024
-
Moved individual endTokenRefresh's calls based on refresh outcome to …
…shared call - Removed some `self` references - Added comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.