Locks are effective at guarding access to resource read/writes, but the problem here is that the code does not currently consider an HTTP request to refresh a token a protected resource. We can enter into a race if two calls to the client happen at the same time, where caller A makes a request to refresh the token at the same time caller B makes a call to refresh the token. If caller A finishes first, then that token is now invalid. Caller B will have a valid token at that point, or could fail the request.
I don't have a good solution off the top of my head other than to lock everything up, and make sure the request times out at roughly a second or less to not hold up any threads accessing the next token too much.
Another idea is to leverage effective-go's channels and work out a solution with those. At the present time, this race is very tricky to trigger (requires much greater scale to really hit it), so submitting an issue here as a reminder to take care of it.
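A sketch of the "lock everything up" option from the issue, added here as an example and not taken from the project's code: the refresh request runs inside the critical section, and each caller passes the token it saw rejected so that a caller who waited on the lock reuses the fresh token instead of invalidating it. `TokenSource`, `Refresh`, `demo` and the fake server are hypothetical names constructed for the illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// TokenSource is a hypothetical token holder, not the project's own type.
type TokenSource struct {
	mu      sync.Mutex
	token   string
	refresh func() (string, error) // the HTTP refresh call, with a short timeout
}

// Refresh replaces the token the caller saw rejected (stale). The request runs
// under the lock, so concurrent callers cannot each send an invalidating one.
func (s *TokenSource) Refresh(stale string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.token != stale {
		return s.token, nil // already refreshed while we waited
	}
	tok, err := s.refresh()
	if err == nil {
		s.token = tok
	}
	return tok, err
}

// demo: n callers see "tok-0" rejected at once; the constructed fake server
// issues a new token per refresh call. Returns requests sent, tokens seen.
func demo(n int) (calls, distinct int) {
	s := &TokenSource{token: "tok-0"}
	s.refresh = func() (string, error) {
		calls++ // only ever runs with s.mu held
		return fmt.Sprintf("tok-%d", calls), nil
	}
	out := make(chan string, n)
	for i := 0; i < n; i++ {
		go func() { tok, _ := s.Refresh("tok-0"); out <- tok }()
	}
	seen := map[string]bool{}
	for i := 0; i < n; i++ {
		seen[<-out] = true
	}
	return calls, len(seen)
}

func main() { fmt.Println(demo(50)) }
```

The cost is that waiters block for the duration of one refresh round trip, which is why the request timeout needs to stay short.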