fix: prevent concurrent token refreshes#26530
Open
code-asher wants to merge 2 commits into
Open
Conversation
code-asher
commented
Jun 18, 2026
Comment on lines
+152
to
+154
| // TestSubscribeChannel can be used in tests to wait for all callers to | ||
| // subscribe to a refresh. | ||
| TestSubscribeChannel chan string |
Member
Author
There was a problem hiding this comment.
Is this dumb? It feels kinda dumb lol. But not sure how else to properly wait, otherwise the test will flake 😢
This comment has been minimized.
This comment has been minimized.
This can cause bad refresh token errors, since it can only be used once.
71bc56f to
551304b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This can cause bad refresh token errors, since it can only be used once.
Looks like there was an attempt to fix this by checking the database after a failed refresh, but of course this depends on the first request having updated the database in time...
@Emyrk does my fix look like it makes sense? One thing I was not sure about is if there can be multiple replicas writing in which case I actually will need a database-level lock...
Closes https://linear.app/codercom/issue/DEVEX-498/fix-external-oauth-refresh-race
and the original error report is https://linear.app/codercom/issue/DEVEX-432/github-oauth-refresh-unreliability