Currently there is no locking in getAccessToken around the refresh token code. If 2 requests come in at the same time, this could result in the token api being called twice for the same refresh token. That would cause the token to get revoked due to token replay prevention measures.
Currently there is no locking in getAccessToken around the refresh token code. If 2 requests come in at the same time, this could result in the token api being called twice for the same refresh token. That would cause the token to get revoked due to token replay prevention measures.