Skip to content

Improve access token refresh handling during network interruption #2129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Cassolette wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Improve access token refresh handling during network interruption #2129

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b76ac67
fix: let IDP decide auth workflow on access token renew failure
Cassolette Mar 11, 2026
0794e81
fix: make better attempts at access token refresh while offline
Cassolette Mar 11, 2026
2edd589
don't use browser specific exception msg
Cassolette Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/web-pkg/src/composables/authContext/useAuthService.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ import { useService } from '../service'
import { NavigationFailure } from 'vue-router'

export interface AuthServiceInterface {
handleAuthError(route: any, options?: { forceLogout?: boolean }): any
handleAuthError(route: any, options?: { forceSignin?: boolean }): any
signinSilent(): Promise<unknown>
logoutUser(): Promise<void | NavigationFailure>
getRefreshToken(): Promise<string>
Expand Down
28 changes: 22 additions & 6 deletions packages/web-runtime/src/services/auth/authService.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,11 +143,27 @@ export class AuthService implements AuthServiceInterface {
this.userManager.events.addAccessTokenExpired((): void => {
const handleExpirationError = () => {
console.error('AccessToken Expired')
this.handleAuthError(unref(this.router.currentRoute), { forceLogout: true })
this.handleAuthError(unref(this.router.currentRoute), { forceSignin: true })
}

// retry silent signin once, force logout if it fails
this.userManager.signinSilent().catch(handleExpirationError)
// attempt silent signin in a retry loop. on network error, we retry every 2s up to 10
// times (20s). beyond or for any other error, we fallback to idp sign in.
const signinWithNetworkRetry = async (retriesLeft: number) => {
try {
await this.userManager.signinSilent()
} catch (error) {
const isDueToNetworkError = error instanceof TypeError
if (isDueToNetworkError && retriesLeft > 0) {
console.debug(`signinSilent failed due to network error, retrying (${retriesLeft})`)
await new Promise((resolve) => setTimeout(resolve, 2000))
return signinWithNetworkRetry(retriesLeft - 1)
}

handleExpirationError()
}
}

signinWithNetworkRetry(10)
})

this.userManager.events.addAccessTokenExpiring(() => {
Expand Down Expand Up @@ -297,7 +313,7 @@ export class AuthService implements AuthServiceInterface {

public async handleAuthError(
route: RouteLocation,
{ forceLogout = false }: { forceLogout?: boolean } = {}
{ forceSignin = false }: { forceSignin?: boolean } = {}
) {
if (isPublicLinkContextRequired(this.router, route)) {
const token = extractPublicLinkToken(route)
Expand All @@ -309,9 +325,9 @@ export class AuthService implements AuthServiceInterface {
})
}
if (isUserContextRequired(this.router, route) || isIdpContextRequired(this.router, route)) {
if (forceLogout) {
if (forceSignin) {
this.tokenTimerWorker?.resetTokenTimer()
await this.logoutUser()
await this.loginUser(route.fullPath)
return
}

Expand Down