cozy / cozy-client

Document store and React components for the Cozy platform
MIT License

Stack-Client / PouchLink : RefreshToken #1008

Open Crash-- opened 3 years ago

Crash-- commented 3 years ago

It's not rare that we launch requests with an expired OAuth token. In that case, stack-client will catch the error and call the refresh token API, update its token and make the call again.

See https://github.com/cozy/cozy-client/blob/90c7abb13fd71267cb44a1af6bca7b03b03a7645/packages/cozy-stack-client/src/CozyStackClient.js#L223-L243

But it's also not rare that an application launches several requests at the same time. In that case we get several expired token messages and then we call the refresh token API several times.

I don't know if making a request to /auth/access_token to refresh the token has a side effect on the old one? Are they still valid if not expired? @nono ?

But we can do better at handling the refresh token. Recently in Cozy-Client, we added a way to deduplicate the same request by returning the same promise. See https://github.com/cozy/cozy-client/pull/988. We can use this same CacheQuery to handle multiple refreshes at once.

Also, it seems that PouchLink / PouchManager isn't handling the expired token by itself. It works only as a side effect, by hoping something is called from the StackLink to update the token.

getReplicationURL reads its value from StackClient https://github.com/cozy/cozy-client/blob/master/packages/cozy-pouch-link/src/CozyPouchLink.js#L102-L104 and then startReplication uses getReplicationURL in the loop https://github.com/cozy/cozy-client/blob/master/packages/cozy-pouch-link/src/PouchManager.js#L181. We should catch the expired_token error and handle the refresh here too. No?

nono commented 3 years ago

> I don't know if making a request to /auth/access_token to refresh the token has a side effect on the old one? Are they still valid if not expired? @nono ?

The old token is still valid until expiration.
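
The deduplication proposed in the issue, as an added example that is not part of the thread and not cozy-client's code: concurrent requests that fail on an expired token share one in-flight refresh promise instead of each calling the refresh endpoint. `RefreshingClient`, `sendRequest`, `refreshToken`, the `Expired token` error message and the token values are assumptions made for the illustration.

```javascript
// Added example. RefreshingClient, sendRequest and refreshToken are hypothetical
// names, not cozy-stack-client's API; the "Expired token" message is assumed.
class RefreshingClient {
  constructor({ token, sendRequest, refreshToken }) {
    this.token = token
    this.sendRequest = sendRequest // (token, path) => Promise<response>
    this.refreshToken = refreshToken // () => Promise<new access token>
    this.pendingRefresh = null // in-flight refresh shared by all callers
  }
  // Start a refresh, or join the one already in flight.
  refreshOnce() {
    if (!this.pendingRefresh) {
      this.pendingRefresh = this.refreshToken()
        .then(newToken => (this.token = newToken))
        // Clear on success and failure so a later expiry can refresh again.
        .finally(() => (this.pendingRefresh = null))
    }
    return this.pendingRefresh
  }

  async fetch(path) {
    const tokenUsed = this.token
    try {
      return await this.sendRequest(tokenUsed, path)
    } catch (err) {
      if (!/expired token/i.test(err.message)) throw err
      // Skip the refresh if another caller already replaced the token we used.
      if (this.token === tokenUsed) await this.refreshOnce()
      return this.sendRequest(this.token, path) // one retry; errors propagate
    }
  }
}

// Constructed demo: the fake stack accepts only 'token-2' and counts refreshes.
async function demo() {
  let refreshCalls = 0
  const sleep = ms => new Promise(resolve => setTimeout(resolve, ms))
  const client = new RefreshingClient({
    token: 'token-1', // constructed value, treated as expired
    sendRequest: async (token, path) => {
      await sleep(5)
      if (token !== 'token-2') throw new Error('Expired token')
      return `${path} ok`
    },
    refreshToken: () => { refreshCalls++; return sleep(20).then(() => 'token-2') }
  })
  const results = await Promise.all(['/a', '/b', '/c'].map(p => client.fetch(p)))
  return { results, refreshCalls }
}
```

Comparing the token a request was sent with against the current one also covers a request that fails after the shared refresh has already completed: it retries with the new token without triggering a second refresh.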