Handle duplicate attempts to refresh auth tokens (#6233)

holoviz · Jan 18, 2024 · 156cd24 · 156cd24
1 parent a2be623
commit 156cd24
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/panel/auth.py b/panel/auth.py
@@ -1089,9 +1089,15 @@ async def _scheduled_refresh(self, user, refresh_token, application, request):
         self._schedule_refresh(expiry, user, refresh_token, application, request)
 
     async def _refresh_access_token(self, user, refresh_token, application, request):
-        log.debug("%s refreshing token", type(self).__name__)
         if user in state._oauth_user_overrides:
-            refresh_token = state._oauth_user_overrides[user]['refresh_token']
+            if not state._oauth_user_overrides[user]:
+                # Token is already being refreshed await it
+                while not state._oauth_user_overrides[user]:
+                    await asyncio.sleep(0.1)
+                return
+            else:
+                refresh_token = state._oauth_user_overrides[user]['refresh_token']
+        log.debug("%s refreshing token", type(self).__name__)
         state._oauth_user_overrides[user] = {}
         auth_handler = self.login_handler(application=application, request=request)
         _, access_token, refresh_token, expires_in = await auth_handler._fetch_access_token(