fix: User is cleared when access token expires even if it can be refreshed #154
Description
Description
In certain cases, for example when application is in background the access token can expire and upon waking up the "expired" event is thrown. Expired event handler in turn calls forgetUser() even though the user has valid refresh token and the access token can be refreshed just fine.
Steps To Reproduce
Reproduction rate is not necessarily 100% due to circumstances I'm not too sure of.
- Authenticate successfully using any method
- Send the application to background
- Wait for access token to expire
- Open the application again - both expiring and expired events might get triggered at the same time
- User might be logged out as
forgetUser()is called unconditionally
Expected Behavior
User is not logged out and access token is refreshed using existing valid refresh token.
Also there should be no need for any kind of timer, access token can be refreshed on-demand.
Event Tracing
Here's a sequence of events that we recorded when this error happened (newest to oldest):
| Event | Timestamp | Note |
|---|---|---|
| ApplicationOpened | 2024-12-20T16:44:11.256 | |
| OIDCRefreshFailed(CurrentUserNull) | 2024-12-20T16:44:11.021 | Refresh triggered from application code |
| OIDCUserEvent(null) | 2024-12-20T16:44:11.009 | |
| OIDCEvent(Prelogout) | 2024-12-20T16:44:11.007 | |
| OIDCEvent(TokenExpired) | 2024-12-20T16:44:10.988 | |
| OIDCEvent(TokenExpiring) | 2024-12-20T16:44:10.986 | |
| ApplicationBackgrounded | 2024-12-20T16:36:35.291 |