LOADING…
0%
Complete changelog

Commit

Harden client token refresh: single-flight, no logout on network blips

Commit details

Commit notes

- All refresh paths (missing-token, 401 retry, SSE ensureValidToken) now share one in-flight refresh promise instead of the 401 path bypassing the dedup — concurrent 401s no longer surface unretried or race redundant token rotations. - Tokens are only cleared when the refresh endpoint definitively rejects the refresh token; transient network errors keep the session, and the next request retries. - On definitive rejection the client dispatches auth:expired; the auth store listens and clears the signed-in state instead of the app silently 401ing forever.

[private session redacted]

Files changed
2
Lines added
+55
Lines removed
−66
This page is a permanent record of commit 6af2815e.