worldcoin / developer-portal

The Worldcoin Developer Portal provides tools to interact with the Worldcoin SDK. Easiest way to get started with World ID.
https://developer.worldcoin.org
MIT License
59 stars 31 forks

fix: prevent OIDC /token endpoint race condition #794

Open 0xPenryn opened 1 week ago

0xPenryn commented 1 week ago

Uses one atomic GraphQL mutation to return and delete the auth_code when accessing the OIDC /token endpoint.

Not yet tested.

penryn-lgtm-bot[bot] commented 1 week ago

lgtm 👍

ph3t commented 2 days ago

@0xPenryn this change makes sense, but if two requests are sent concurrently I'm not sure this change will suffice to fix the underlying issue. Would it make sense to add a row-level DB lock for more robustness?

andy-t-wang commented 1 day ago

cc @m1guelpf might be worth getting your input, IIRC you implemented something similar to prevent verify race conditions
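The race discussed in this thread, modelled in memory as an added example (not code from the PR or the developer-portal repository). It assumes the "before" shape is a read followed by a separate delete, that each step is one atomic database round trip, and that concurrent requests can interleave between steps; all names and the sample auth code are hypothetical.

```typescript
type Row = { authCode: string; nullifier: string };
type Db = { [authCode: string]: Row };
type Request = { steps: Array<() => void>; token: string | null };

// Hypothetical token minting; a real /token endpoint would sign a JWT here.
const mint = (row: Row): string => "id_token_for_" + row.nullifier;

// Before (assumed shape): read the auth code, then delete it in a second round trip.
function twoStepRedeem(db: Db, code: string): Request {
  const req: Request = { steps: [], token: null };
  let found: Row | undefined;
  req.steps.push(() => { found = db[code]; });   // step 1: SELECT
  req.steps.push(() => {                          // step 2: DELETE, then respond
    delete db[code];
    if (found) req.token = mint(found);
  });
  return req;
}

// After: one delete-and-return step; only the caller that removed the row sees it.
function atomicRedeem(db: Db, code: string): Request {
  const req: Request = { steps: [], token: null };
  req.steps.push(() => {
    const row = db[code];
    delete db[code];
    if (row) req.token = mint(row);
  });
  return req;
}

// Round-robin scheduler: one step of each request per pass (worst-case interleaving).
function runConcurrently(requests: Request[]): number {
  let pending = true;
  for (let i = 0; pending; i++) {
    pending = false;
    for (const r of requests) {
      if (i < r.steps.length) { r.steps[i](); pending = true; }
    }
  }
  return requests.filter((r) => r.token !== null).length;
}

// Constructed sample: one unredeemed auth code, two simultaneous /token calls.
function tokensIssued(redeem: (db: Db, code: string) => Request): number {
  const db: Db = { code_abc: { authCode: "code_abc", nullifier: "0xnull" } };
  return runConcurrently([redeem(db, "code_abc"), redeem(db, "code_abc")]);
}

console.log("two-step:", tokensIssued(twoStepRedeem), "atomic:", tokensIssued(atomicRedeem));
```

On PostgreSQL, a single `DELETE ... RETURNING` statement behaves like the one-step version: a second concurrent statement waits on the row lock and then returns no rows.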