spring-attic/spring-cloud-security

OAuth2TokenRelayFilter bug

yyfcode opened this issue · 0 comments

When the token expires, assume that the browser sends 2 requests in succession. The first request, in the OAuth2TokenRelayFilter, waits for the authentication server to return the result and save it to the OAuth2ClientContext (the OAuth2ClientContext still holds the old value). When the second request is made at this time, the OAuth2TokenRelayFilter gets the value from the old OAuth2ClientContext to refresh the token, and when the first request has returned correctly and the new refresh token is saved, a conflict occurs.

My tokenServices reuseRefreshToken is false and accessTokenValiditySeconds is 10 seconds.
Although this is not reasonable, it is only for testing.
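
The race described in this issue, reproduced as an added example that is not part of the original report and is not Spring Cloud Security code. `AuthServer`, `ClientContext` and `run` are hypothetical stand-ins, and the per-context lock is one possible mitigation, assumed here rather than taken from the project:

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
public class RefreshRaceDemo {               // requires Java 16+ (records)
    record Tokens(String access, String refresh) {}
    // Hypothetical stand-in for an authorization server with refresh-token rotation
    // (reuseRefreshToken=false): each refresh token is accepted exactly once.
    static class AuthServer {
        private int n = 0;
        private String validRefresh = "r0";
        synchronized Tokens refresh(String presented) {
            if (!presented.equals(validRefresh)) throw new IllegalStateException("invalid_grant: " + presented);
            validRefresh = "r" + (++n);      // rotate: the presented token is now dead
            return new Tokens("a" + n, validRefresh);
        }
    }
    // Hypothetical stand-in for the per-session client context shared by both requests.
    static class ClientContext { volatile Tokens tokens = new Tokens("a0", "r0"); }
    // Runs two concurrent "requests" that both saw the expired token; returns how many failed.
    static int run(boolean guarded) throws Exception {
        AuthServer server = new AuthServer();
        ClientContext ctx = new ClientContext();
        CyclicBarrier bothReadOldToken = new CyclicBarrier(2);
        AtomicInteger failures = new AtomicInteger();
        Runnable request = () -> {
            try {
                Tokens seen = ctx.tokens;          // both requests read the old context value
                bothReadOldToken.await();          // force the interleaving from the report
                if (guarded) {
                    synchronized (ctx) {           // one refresh at a time per context
                        if (ctx.tokens == seen) ctx.tokens = server.refresh(seen.refresh());
                        // else: the other request already refreshed; reuse ctx.tokens
                    }
                } else {
                    ctx.tokens = server.refresh(seen.refresh());  // second caller presents a dead token
                }
            } catch (IllegalStateException e) { failures.incrementAndGet(); }
            catch (Exception e) { throw new RuntimeException(e); }
        };
        ExecutorService pool = Executors.newFixedThreadPool(2);
        Future<?> f1 = pool.submit(request), f2 = pool.submit(request);
        f1.get(); f2.get();
        pool.shutdown();
        return failures.get();
    }
    public static void main(String[] args) throws Exception {
        System.out.println("unguarded failures: " + run(false));
        System.out.println("guarded failures:   " + run(true));
    }
}
```

The barrier makes both requests read the old refresh token before either one refreshes, so the unguarded run always has one request rejected by the rotating server, while the guarded run re-checks the context under the lock and reuses the tokens the first request saved.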