Mathieu Virbel 833a5d1191 fix: sso refresh token race condition (#405) ...

With NextAuth, there is a race condition of the current implementation
of refreshToken using multiple tab. Because getSession() is broadcasted
(or triggered by another component, window focus or such), we may ask
for the jwt() to be refreshed at the same time.

The problem is the first time will go correctly, while all others calls
will be rejected as they are using a revoked token.

This redis lock is per-user, and will use redis lock as a source of
truth.

2024-09-05 00:47:02 +02:00

345 B

Raw Blame History

View Raw