Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refresh tokens are duplicated when using Promise.all() #1772

Closed
4 of 5 tasks
trandaison opened this issue Jul 21, 2022 · 3 comments
Closed
4 of 5 tasks

Refresh tokens are duplicated when using Promise.all() #1772

trandaison opened this issue Jul 21, 2022 · 3 comments
Labels
bug

Comments

@trandaison
Copy link
Contributor

Version

module: 5.0.0-1648802546.c9880dc
nuxt: 2.15.1

Nuxt configuration

mode:

  • universal
  • spa

Nuxt configuration

  auth: {
    redirect: {
      login: "/login",
      logout: "/login",
      home: "/"
    },
    strategies: {
      local: {
        scheme: "refresh",
        token: {
          property: "token",
          type: "Bearer"
        },
        refreshToken: {
          property: "token",
          type: "Bearer",
          tokenRequired: true,
          required: false,
          maxAge: false
        },
        user: {
          property: "user"
        },
        endpoints: {
          login: { url: "/login", method: "post" },
          logout: { url: "/logout", method: "delete" },
          user: { url: "/me", method: "get" },
          refresh: { url: "/refresh_token", method: "post" }
        }
      }
    }
  }

Reproduction

What is expected?

When the token is expired, I should have refreshed one time only.

What is actually happening?

There are multiple refresh token requests

Screen Shot 2022-07-21 at 13 54 48

Steps to reproduce

Please follow the repo above. After login, open the chrome devtool > Network tab.
Wait 1 minute for the token to be expired, then click the button Try Promise.all()

Actually, I'm trying to call multiple API requests with Promise.all when the token is already expired.

      await Promise.all([
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
      ]);

Additional information

If the API revolves a token after refresh successfully, other refresh request will be error (because the token was revolved). This will cause crash app.

This behavior only appears when using Promise.all()

Checklist

  • I have tested with the latest Nuxt version and the issue still occurs
  • I have tested with the latest module version and the issue still occurs
  • I have searched the issue tracker and this issue hasn't been reported yet
@trandaison trandaison added the bug label Jul 21, 2022
@sadeghi-aa
Copy link

sadeghi-aa commented Sep 13, 2022
edited
Loading

I'm facing the same issue and haven't found a solution yet. I tried some interceptor methods, but still no luck. Has anyone found a solution for this? In my case, the backend returns a 401 response for duplicate refresh tokens in payload, so Nuxt logs me out when refresh tokens are requested in parallel.

@trandaison trandaison mentioned this issue Nov 1, 2022
Merged
@trandaison
Copy link
Contributor Author

@sadeghi-aa
I open a PR to this fix issue.

@trandaison
Copy link
Contributor Author

This bug has been fixed in v5.0.0-1667386184.dfbbb54.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trandaison @sadeghi-aa