Fix race condition in refresh token issuance

pavinduLakshan · pavinduLakshan · commit 5aead49a7e13 · 2026-04-27T20:36:52.000+05:30
diff --git a/packages/browser/src/__legacy__/helpers/authentication-helper.ts b/packages/browser/src/__legacy__/helpers/authentication-helper.ts
@@ -65,13 +65,15 @@ export class AuthenticationHelper<T extends MainThreadClientConfig | WebWorkerCl
   protected _spaHelper: SPAHelper<T>;
   protected _instanceId: number;
   protected _isTokenRefreshing: boolean;
+  protected _refreshAccessTokenPromise?: Promise<User>;
 
   public constructor(authClient: AsgardeoAuthClient<T>, spaHelper: SPAHelper<T>) {
     this._authenticationClient = authClient;
     this._storageManager = this._authenticationClient.getStorageManager();
     this._spaHelper = spaHelper;
     this._instanceId = this._authenticationClient.getInstanceId();
     this._isTokenRefreshing = false;
+    this._refreshAccessTokenPromise = undefined;
   }
 
   public enableHttpHandler(httpClient: HttpClient): void {
@@ -174,23 +176,33 @@ export class AuthenticationHelper<T extends MainThreadClientConfig | WebWorkerCl
   public async refreshAccessToken(
     enableRetrievingSignOutURLFromSession?: (config: SPACustomGrantConfig) => void,
   ): Promise<User> {
-    try {
-      await this._authenticationClient.refreshAccessToken();
-      const customGrantConfig = await this.getCustomGrantConfigData();
-      if (customGrantConfig) {
-        await this.exchangeToken(customGrantConfig, enableRetrievingSignOutURLFromSession);
-      }
-      this._spaHelper.refreshAccessTokenAutomatically(this);
+    if (this._refreshAccessTokenPromise) {
+      return this._refreshAccessTokenPromise;
+    }
 
-      return this._authenticationClient.getUser();
-    } catch (error) {
-      const refreshTokenError: Message<string> = {
-        type: REFRESH_ACCESS_TOKEN_ERR0R,
-      };
+    this._refreshAccessTokenPromise = (async (): Promise<User> => {
+      try {
+        await this._authenticationClient.refreshAccessToken();
+        const customGrantConfig = await this.getCustomGrantConfigData();
+        if (customGrantConfig) {
+          await this.exchangeToken(customGrantConfig, enableRetrievingSignOutURLFromSession);
+        }
+        this._spaHelper.refreshAccessTokenAutomatically(this);
 
-      window.postMessage(refreshTokenError);
-      return Promise.reject(error);
-    }
+        return this._authenticationClient.getUser();
+      } catch (error) {
+        const refreshTokenError: Message<string> = {
+          type: REFRESH_ACCESS_TOKEN_ERR0R,
+        };
+
+        window.postMessage(refreshTokenError);
+        throw error;
+      } finally {
+        this._refreshAccessTokenPromise = undefined;
+      }
+    })();
+
+    return this._refreshAccessTokenPromise;
   }
 
   protected async retryFailedRequests(failedRequest: HttpRequestInterface): Promise<HttpResponse> {
