if someone is using another auth provider and supertokens (in cookie mode), and if in a request they add the other provider's token, and it sends back a 401, this will cause an infinite refresh loop if they are doing the other provider's auth in that API that is sending a 401.
This is a developer error mostly cause their API should not return a 401 or cause they are using the other provider's access token even if a supertokens' session exists.
We decided that we will add a limit on how many refreshes are done - 3 at max.
if someone is using another auth provider and supertokens (in cookie mode), and if in a request they add the other provider's token, and it sends back a 401, this will cause an infinite refresh loop if they are doing the other provider's auth in that API that is sending a 401.
This is a developer error mostly cause their API should not return a 401 or cause they are using the other provider's access token even if a supertokens' session exists.
We decided that we will add a limit on how many refreshes are done - 3 at max.