auth-module icon indicating copy to clipboard operation
auth-module copied to clipboard

Published 20 hours ago verified publisher icon nuxt-community

Refresh tokens are duplicated when using `Promise.all()`

Open trandaison opened this issue 3 years ago • 1 comments

Version

module: 5.0.0-1648802546.c9880dc nuxt: 2.15.1

Nuxt configuration

mode:

  • [x] universal
  • [ ] spa

Nuxt configuration

  auth: {
    redirect: {
      login: "/login",
      logout: "/login",
      home: "/"
    },
    strategies: {
      local: {
        scheme: "refresh",
        token: {
          property: "token",
          type: "Bearer"
        },
        refreshToken: {
          property: "token",
          type: "Bearer",
          tokenRequired: true,
          required: false,
          maxAge: false
        },
        user: {
          property: "user"
        },
        endpoints: {
          login: { url: "/login", method: "post" },
          logout: { url: "/logout", method: "delete" },
          user: { url: "/me", method: "get" },
          refresh: { url: "/refresh_token", method: "post" }
        }
      }
    }
  }

Reproduction

  • https://codesandbox.io/s/unruffled-fermi-jo9buu?file=/pages/index.vue

What is expected?

When the token is expired, I should have refreshed one time only.

What is actually happening?

There are multiple refresh token requests

Screen Shot 2022-07-21 at 13 54 48

Steps to reproduce

Please follow the repo above. After login, open the chrome devtool > Network tab. Wait 1 minute for the token to be expired, then click the button Try Promise.all()

Actually, I'm trying to call multiple API requests with Promise.all when the token is already expired.

      await Promise.all([
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
        this.$auth.fetchUser(),
      ]);

Additional information

If the API revolves a token after refresh successfully, other refresh request will be error (because the token was revolved). This will cause crash app.

This behavior only appears when using Promise.all()

Checklist

  • [x] I have tested with the latest Nuxt version and the issue still occurs
  • [x] I have tested with the latest module version and the issue still occurs
  • [x] I have searched the issue tracker and this issue hasn't been reported yet

trandaison avatar Jul 21 '22 07:07 trandaison

I'm facing the same issue and haven't found a solution yet. I tried some interceptor methods, but still no luck. Has anyone found a solution for this? In my case, the backend returns a 401 response for duplicate refresh tokens in payload, so Nuxt logs me out when refresh tokens are requested in parallel.

sadeghi-aa avatar Sep 13 '22 04:09 sadeghi-aa

@sadeghi-aa I open a PR to this fix issue.

trandaison avatar Nov 01 '22 04:11 trandaison

This bug has been fixed in v5.0.0-1667386184.dfbbb54.

trandaison avatar Nov 03 '22 06:11 trandaison