
Refresh by one time refresh_token in parallel requests

Open nia-soft opened this issue 2 years ago • 0 comments

Environment: lua-resty-openidc version 1.7.5, OpenID Connect provider with one-time refresh tokens

Expected behaviour: Refreshing with a one-time refresh_token does not cause problems with parallel requests. Add a parameter to set a time lag (for example 50% of the access token lifetime) so that tokens are refreshed earlier, before the access token expires. If the refresh fails, ignore this fact and return from authenticate() without error while the access token has not expired.

Actual behaviour: The token refreshing mechanism fails parallel requests if the access token is expired.

Minimized example: Requests A and B are sent in parallel to the proxy with the session cookie (containing refresh_token_1) and an expired access token.

  • Request A does a refresh with refresh_token_1 and gets refresh_token_2. The IDP revokes refresh_token_1. Content from the backend and a new session cookie are returned.
  • Request B does a refresh with refresh_token_1, and the refresh fails. A 401 or 302 is returned.

Configuration and NGINX server log files: not needed

nia-soft, Apr 21 '22 15:04
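The behaviour the report asks for, as an added example that is not lua-resty-openidc's code: a Python simulation in which a lock makes request B reuse the tokens request A obtained instead of redeeming the already-revoked refresh_token_1, refresh_ratio=0.5 triggers a refresh at half the access token lifetime, and a failed refresh is tolerated until the access token really expires. The names OneTimeRefreshIdp, Session, parallel_requests and the injected `now` clock are constructed for this illustration.

```python
import threading

class OneTimeRefreshIdp:
    """Constructed stand-in for an OpenID Connect provider whose refresh tokens are one-time use."""
    def __init__(self):
        self._lock = threading.Lock()
        self._valid = {"refresh_token_1"}   # refresh tokens not yet redeemed
        self._n, self.refresh_calls = 1, 0
    def refresh(self, refresh_token, now, lifetime):
        with self._lock:
            self.refresh_calls += 1
            if refresh_token not in self._valid:
                raise PermissionError("invalid_grant")  # already redeemed, as request B sees above
            self._valid.discard(refresh_token)          # the IDP revokes the used token
            self._n += 1
            self._valid.add(f"refresh_token_{self._n}")
            return {"access_token": f"access_token_{self._n}",
                    "refresh_token": f"refresh_token_{self._n}", "expires_at": now + lifetime}

class Session:
    """Token state shared by all parallel requests that carry one session cookie."""
    def __init__(self, idp, refresh_token, lifetime, refresh_ratio=0.5):
        self.idp, self.lifetime, self.refresh_ratio = idp, lifetime, refresh_ratio
        self.tokens = {"access_token": "access_token_1", "refresh_token": refresh_token,
                       "expires_at": lifetime}          # constructed: issued at now=0
        self._lock = threading.Lock()

    def _needs_refresh(self, now):  # refresh ahead once remaining lifetime < refresh_ratio * lifetime
        return now >= self.tokens["expires_at"] - self.refresh_ratio * self.lifetime

    def authenticate(self, now):
        if not self._needs_refresh(now):
            return self.tokens["access_token"]
        with self._lock:                  # single-flight: only one request refreshes at a time
            if self._needs_refresh(now):  # re-check: a concurrent request may already have refreshed
                try:
                    self.tokens = self.idp.refresh(self.tokens["refresh_token"], now, self.lifetime)
                except PermissionError:   # failed refresh is ignored while the access token is valid
                    if now >= self.tokens["expires_at"]:
                        raise             # access token expired as well: caller must re-authenticate
            return self.tokens["access_token"]

def parallel_requests(session, now, count):
    # issue `count` concurrent requests; returns the access token each one obtained
    results = [None] * count
    workers = [threading.Thread(target=lambda i=i: results.__setitem__(i, session.authenticate(now)))
               for i in range(count)]
    for t in workers: t.start()
    for t in workers: t.join()
    return results
```

With two parallel requests on an expired token the provider sees exactly one refresh call and both requests get access_token_2; a session whose refresh token was already redeemed keeps serving its still-valid access token and only fails once that token has expired too.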