nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License

Refresh tokens are duplicated when using `Promise.all()` #1772

Closed trandaison closed 1 year ago

trandaison commented 2 years ago

Version

module: 5.0.0-1648802546.c9880dc
nuxt: 2.15.1

Nuxt configuration

mode:

Nuxt configuration

  auth: {
    redirect: {
      login: "/login",
      logout: "/login",
      home: "/"
    },
    strategies: {
      local: {
        scheme: "refresh",
        token: {
          property: "token",
          type: "Bearer"
        },
        refreshToken: {
          property: "token",
          type: "Bearer",
          tokenRequired: true,
          required: false,
          maxAge: false
        },
        user: {
          property: "user"
        },
        endpoints: {
          login: { url: "/login", method: "post" },
          logout: { url: "/logout", method: "delete" },
          user: { url: "/me", method: "get" },
          refresh: { url: "/refresh_token", method: "post" }
        }
      }
    }
  }

Reproduction

What is expected?

When the token is expired, I should have refreshed one time only.

What is actually happening?

There are multiple refresh token requests


Steps to reproduce

Please follow the repo above. After login, open Chrome DevTools > Network tab. Wait 1 minute for the token to expire, then click the button `Try Promise.all()`.

Actually, I'm trying to call multiple API requests with Promise.all when the token is already expired.

      await Promise.all([
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
      ]);

Additional information

If the API revolves a token after refreshing successfully, the other refresh requests will error (because the token was revolved). This will cause the app to crash.

This behavior only appears when using Promise.all()


sadeghi-aa commented 2 years ago

I'm facing the same issue and haven't found a solution yet. I tried some interceptor methods, but still no luck. Has anyone found a solution for this? In my case, the backend returns a 401 response for duplicate refresh tokens in payload, so Nuxt logs me out when refresh tokens are requested in parallel.

trandaison commented 1 year ago

@sadeghi-aa I opened a PR to fix this issue.

trandaison commented 1 year ago

This bug has been fixed in v5.0.0-1667386184.dfbbb54.
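
The race reported in this thread, next to a single-flight refresh that avoids it, as an added example: this is not the auth-module's code and not the fix from the PR mentioned above. `makeServer`, `makeClient` and `demo` are hypothetical names, and the rotating-token backend is simulated in-process.

```javascript
// Constructed stand-in for a backend with single-use (rotating) refresh tokens.
function makeServer() {
  let current = "rt-0";
  let calls = 0;
  let issued = 0;
  return {
    calls: () => calls,
    async refresh(token) {
      calls += 1;
      await new Promise((resolve) => setTimeout(resolve, 10)); // network latency
      if (token !== current) throw new Error("401: refresh token already used");
      issued += 1;
      current = `rt-${issued}`; // rotation invalidates the old token
      return { access: `at-${issued}`, refresh: current };
    },
  };
}

// Hypothetical client; fetchUser() stands in for this.$auth.fetchUser() on an expired token.
function makeClient(server, singleFlight) {
  const state = { access: null, refresh: "rt-0" };
  let inFlight = null;

  async function doRefresh() {
    const tokens = await server.refresh(state.refresh);
    Object.assign(state, tokens); // store the new access and refresh tokens
    return tokens.access;
  }

  function refresh() {
    if (!singleFlight) return doRefresh(); // every caller hits the endpoint
    // Single-flight: concurrent callers share the one pending request.
    if (!inFlight) inFlight = doRefresh().finally(() => { inFlight = null; });
    return inFlight;
  }

  return { fetchUser: async () => ({ user: "demo", access: await refresh() }) };
}

// Fire five parallel calls, as in the issue, and count what the server saw.
async function demo(singleFlight) {
  const server = makeServer();
  const client = makeClient(server, singleFlight);
  const results = await Promise.allSettled(Array.from({ length: 5 }, () => client.fetchUser()));
  const failed = results.filter((r) => r.status === "rejected").length;
  return { refreshCalls: server.calls(), failed };
}

for (const mode of [false, true]) demo(mode).then((r) => console.log(mode, r));
```

Without the shared promise the simulated server sees five refresh requests carrying the same token and rejects four of them; with it, one request serves all five callers.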