Skip to content

fix: race issue with oauth refresh #1199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 12, 2025
Merged

fix: race issue with oauth refresh #1199

merged 3 commits into from
Nov 12, 2025

Conversation

@sattvikc
Copy link
Collaborator

@sattvikc sattvikc commented Nov 11, 2025

Summary of change

(A few sentences about this PR)

Related issues

  • Link to issue1 here
  • Link to issue1 here

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your
changes work. Bonus points for screenshots and videos!)

Documentation changes

(If relevant, please create a PR in our docs repo, or create a checklist here
highlighting the necessary changes)

Checklist for important updates

  • Changelog has been updated
    • If there are any db schema changes, mention those changes clearly
  • coreDriverInterfaceSupported.json file has been updated (if needed)
  • pluginInterfaceSupported.json file has been updated (if needed)
  • Changes to the version if needed
    • In build.gradle
  • If added a new paid feature, edit the getPaidFeatureStats function in FeatureFlag.java file
  • Had installed and ran the pre-commit hook
  • If there are new dependencies that have been added in build.gradle, please make sure to add them
    in implementationDependencies.json.
  • Update function getValidFields in io/supertokens/config/CoreConfig.java if new aliases were added for any core
    config (similar to the access_token_signing_key_update_interval config alias).
  • Issue this PR against the latest non released version branch.
    • To know which one it is, run find the latest released tag (git tag) in the format vX.Y.Z, and then find the
      latest branch (git branch --all) whose X.Y is greater than the latest released tag.
    • If no such branch exists, then create one from the latest released branch.
  • If added a foreign key constraint on app_id_to_user_id table, make sure to delete from this table when deleting
    the user as well if deleteUserIdMappingToo is false.
  • If added a new recipe, then make sure to update the bulk import API to include the new recipe.

Remaining TODOs for this PR

  • Item1
  • Item2

tamassoltesz
tamassoltesz reviewed Nov 11, 2025
View reviewed changes
porcellus
porcellus requested changes Nov 11, 2025
View reviewed changes
src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java Outdated
Comment on lines 240 to 242
if (!refreshTokenPayload.has("exp")) {
System.out.println(refreshTokenPayload.toString());
}
Copy link
Collaborator

@porcellus porcellus Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need this?

src/test/java/io/supertokens/test/oauth/api/TestRefreshTokenFlowWithTokenRotationOptions.java
}

@Test
public void testParallelRefreshTokenWithoutRotation() throws Exception {
Copy link
Collaborator

@porcellus porcellus Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fails without the fix, right?

Copy link
Collaborator Author

@sattvikc sattvikc Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

@sattvikc sattvikc merged commit 1b1b2b2 into 11.2 Nov 12, 2025
11 of 14 checks passed
@sattvikc sattvikc deleted the fix/refresh-race branch November 12, 2025 10:52
sattvikc added a commit that referenced this pull request Nov 13, 2025
@tamassoltesz @sattvikc
experiment: Deadlock logger (#1198)
922755e 
* experiment: Deadlock logger

* fix: race issue with oauth refresh (#1199)

* fix: race issue with oauth refresh

* fix: review comment

* fix: remove print

* fix: deadlock in resource distributor (#1197)

* adding dev-v11.2.1 tag to this commit to ensure building

* fix: add deadlock logger

* fix: changelog and build version

* fix: only start deadlocklogger if it's enabled

---------

Co-authored-by: Sattvik Chakravarthy <[email protected]>
Co-authored-by: Supertokens Bot <>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@porcellus porcellus porcellus requested changes

@tamassoltesz tamassoltesz tamassoltesz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sattvikc @porcellus @tamassoltesz