
Add Retry Mechanism for Token Renewal Failures to Prevent Unnecessary Logout

Open bhayart opened this issue 1 year ago • 1 comment

Currently, when the token renewal process fails in oidc-react, it results in an immediate failure and leads to the user being logged out. This behavior is overly restrictive, especially in cases where the failure is due to transient network issues or temporary server unavailability. This forces users to log back in, which negatively impacts the user experience.

I propose implementing a retry mechanism when the token renewal fails to avoid an immediate logout. This could include:

  • Configurable retry logic (e.g., number of retries, delay between retries).
  • Exponential backoff for retry delays to avoid overwhelming the authentication server.
  • Option to customize the behavior on failure (e.g., fallbacks or maintaining the session temporarily).

The goal is to prevent unnecessary disconnections and provide a smoother experience when dealing with temporary failures in token renewal.

Use Case: In environments with network instability or intermittent issues with the identity provider, users can be unexpectedly logged out due to minor, temporary failures in token renewal. Instead of instantly logging the user out, implementing a retry mechanism would allow oidc-react to attempt renewing the token several times before considering the process a true failure, avoiding disruptive logouts.

Proposed Implementation:

  • Implement a retry mechanism in the UserManager's token renewal process.
  • Add configuration options to define retry parameters such as maximum retries and backoff strategy.
  • Log failures and attempts during each retry cycle for debugging and observability purposes.
  • Ensure the session is preserved during retry attempts, and only logout when retries are exhausted.

Benefits:

  • Improves user experience by reducing unexpected logouts.
  • Handles temporary failures more gracefully, especially in unreliable network conditions.
  • Provides more control over token renewal behavior to developers.

bhayart avatar Oct 17 '24 10:10 bhayart

Thanks for this detailed proposal! I agree that handling token renewal failures more gracefully would improve the user experience.

This seems like a valuable addition. Would you be interested in submitting a PR? Here's what I'd suggest including:

  1. A new configuration object for retry settings:
     • maxRetries (default: 3)
     • initialDelay (default: 1000ms)
     • backoffFactor (default: 2)
  2. Exponential backoff retry logic that preserves the session state during attempts
  3. Proper logging of retry attempts for debugging

PS: This might be better in oidc-client-ts, which is the underlying package we use. I don't know, but I wanted to let you know!

Let me know if you'd like to work on this, and I can provide more specific guidance on implementation details.

simenandre avatar Oct 22 '24 14:10 simenandre
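The retry-with-backoff wrapper sketched in this thread (maxRetries 3, initialDelay 1000 ms, backoffFactor 2, session left alone until retries are exhausted, each attempt logged), as an added TypeScript example that is not oidc-react or oidc-client-ts code. It assumes the silent renewal is handed in as a `renew` callback (with oidc-client-ts that would wrap the UserManager's silent sign-in), reads `maxRetries` as the number of retries after the first attempt, and adds an assumed `isRetryable` predicate so that a definitive rejection from the identity provider is not retried (retrying a revoked session only delays the logout the user should get). `sleep` and `log` are injectable so the schedule can be exercised without real delays; `demoFlakyRenewal` runs it against a constructed renewal that fails twice and then succeeds.

```typescript
// Added example (not oidc-react / oidc-client-ts code): silent token renewal
// wrapped in configurable exponential-backoff retries. The session is left
// untouched while retrying; the caller signs the user out only when the
// outcome comes back with `ok: false`.

interface RetryOptions {
  maxRetries: number;    // retries after the first attempt (proposal default: 3)
  initialDelay: number;  // ms before the first retry (proposal default: 1000)
  backoffFactor: number; // multiplier applied per retry (proposal default: 2)
  // Assumed extra option: definitive errors (e.g. the IdP rejected the session
  // outright) should not be retried, otherwise a dead session lingers.
  isRetryable?: (err: unknown) => boolean;
}

const DEFAULT_RETRY: RetryOptions = { maxRetries: 3, initialDelay: 1000, backoffFactor: 2 };

type RenewOutcome<User> = {
  ok: boolean;
  user?: User;
  attempts: number;   // total renewal attempts made, including the first
  delays: number[];   // delays (ms) actually waited between attempts
  lastError?: unknown;
};

// Delay before retry number n (1-based): initialDelay * backoffFactor^(n-1).
function backoffDelay(opts: RetryOptions, retryNumber: number): number {
  return Math.round(opts.initialDelay * Math.pow(opts.backoffFactor, retryNumber - 1));
}

// The full delay schedule implied by a configuration; useful for checking
// settings before deploying them (e.g. that the total wait fits the token lifetime).
function backoffSchedule(opts: RetryOptions): number[] {
  const out: number[] = [];
  for (let n = 1; n <= opts.maxRetries; n++) out.push(backoffDelay(opts, n));
  return out;
}

async function renewWithRetry<User>(
  renew: () => Promise<User>,   // assumed: e.g. () => userManager.signinSilent()
  opts: RetryOptions = DEFAULT_RETRY,
  sleep: (ms: number) => Promise<void> = (ms) => new Promise((r) => setTimeout(r, ms)),
  log: (msg: string) => void = (msg) => console.warn(msg),
): Promise<RenewOutcome<User>> {
  const delays: number[] = [];
  let attempts = 0;
  let lastError: unknown;
  while (attempts <= opts.maxRetries) {
    attempts++;
    try {
      const user = await renew();
      if (attempts > 1) log(`token renewal succeeded on attempt ${attempts}`);
      return { ok: true, user, attempts, delays };
    } catch (err) {
      lastError = err;
      const retryable = opts.isRetryable ? opts.isRetryable(err) : true;
      const retriesLeft = opts.maxRetries - (attempts - 1);
      if (!retryable || retriesLeft === 0) break;
      const delay = backoffDelay(opts, attempts);
      log(`token renewal attempt ${attempts} failed (${String(err)}); retrying in ${delay} ms`);
      delays.push(delay);
      await sleep(delay);
    }
  }
  // Retries exhausted (or the error was not retryable): now, and only now,
  // the caller should treat the session as lost and log the user out.
  log(`token renewal failed after ${attempts} attempt(s); giving up: ${String(lastError)}`);
  return { ok: false, attempts, delays, lastError };
}

// Constructed demo: a renewal that fails twice with a transient error and then
// succeeds, run with a no-op sleep and a silent logger so it finishes instantly.
function demoFlakyRenewal(): Promise<RenewOutcome<{ name: string }>> {
  let calls = 0;
  const flakyRenew = async () => {
    calls++;
    if (calls < 3) throw new Error("ECONNRESET"); // constructed transient failure
    return { name: "constructed-user" };
  };
  return renewWithRetry(flakyRenew, DEFAULT_RETRY, async () => {}, () => {});
}
```

With the defaults the schedule is 1000, 2000 and 4000 ms, so a renewal that keeps failing is given up after four attempts and about seven seconds; the wrapper returns `ok: false` rather than logging the user out itself, which keeps the logout decision (and any "keep the session a little longer" fallback the issue mentions) in the caller's hands.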