Commit
Harden client token refresh: single-flight, no logout on network blips
Commit details
Commit notes
- All refresh paths (missing-token, 401 retry, SSE ensureValidToken) now share one in-flight refresh promise instead of the 401 path bypassing the dedup — concurrent 401s no longer surface unretried or race redundant token rotations. - Tokens are only cleared when the refresh endpoint definitively rejects the refresh token; transient network errors keep the session, and the next request retries. - On definitive rejection the client dispatches auth:expired; the auth store listens and clears the signed-in state instead of the app silently 401ing forever.
[private session redacted]
- Files changed
- 2
- Lines added
- +55
- Lines removed
- −66