Number of token refresh requests increasing with each re-render

[priyath]

The issue can be recreated on the okta-hosted-login sample as follows:

Setup:

• okta-hosted-login sample with early access feature Refresh Token Rotation enabled on okta authorization server
• Requested scopes: ['openid', 'profile', 'email', 'offline_access']
• @okta/okta-auth-js version 4.9.0 and @okta/okta-react version 5.1.1
• Start the application, perform login, and observe the network tab and wait for token rotation (I configured expireEarlySeconds to trigger the refresh every 30 seconds).

Observations:

• After the first 30 seconds, 2 token requests are triggered
• After the next 30 seconds, 2 token requests and 2 authorize requests are triggered. (Should there be an authorize request at all? Since we have a refresh token, I assumed token request is sufficient for rotation. Interestingly, okta-auth-js 4.8.0 does not trigger the authorize request. More info here)
• Perform a dummy change in config.js to trigger a webpack rebuild. (eg: alter the messageUrl value)
• After the next 30 seconds, 4 token requests and 4 authorize requests are fired. This will increase with each re-render.

I have not looked into the internal code yet, but I assume this could be because internally something like a setTimeout function is being mounted to refresh the token, without clearing the existing function? Would appreciate some feedback on this issue.