supabase / gotrue / 6615603693 / 1
65%
master: 65%

Build:
DEFAULT BRANCH: master
Ran 23 Oct 2023 03:45PM UTC
Files 111
Run time 2s

23 Oct 2023 03:37PM UTC coverage: 65.68% (+0.05%) from 65.634%
6615603693.1

push

github

web-flow
feat: add idempotent refresh token algorithm (#1278)

Modifies the refresh token algorithm to support a limited form of
idempotency. The lack of this behavior is documented to cause loss of
session.

**Problem**

GoTrue, so far, assumes that clients calling the `POST
/token?grant_type=refresh_token` endpoint are guaranteed to at least
save the result of the response. Like all networked software, there are
no guarantees that the sender of a request will receive the response, or
act on it. This problem is exacerbated by network appliances like CDNs
and reverse proxies which mask the TCP stream semantics from GoTrue. A
properly closed TCP stream does not mean that the receiver of the
response received the stream, but rather that a proxy in the chain
buffered the response.

Furthermore, even if the receiver is able to receive _and parse_ the
response, usually there are no guarantees that it will continue
processing the response. With refresh tokens, it's incredibly important
that the receiver successfully persists the new refresh token to durable
storage. There are no guarantees of this as browsers and mobile apps
(and the computers they run on) can die, go offline or just malfunction
between sending a request and processing its response.

**Solution**

There are really only two solutions to this problem:

1. Idempotency. Where for the same inputs the same output is generated.
2. Double-commit. Where the receipt of the response needs to be
acknowledged before the state changes.

We considered a double-commit protocol, but decided against it at this
time as it introduces quite a bit of complexity. We may turn to it if
the limited idempotency solution does not cover a sufficient number of
the cases in real-world testing.

**Changes**

The refresh token algorithm is changed to offer a limited form of
idempotency, such that:

1. An **active refresh token** is the last non-revoked refresh token in
a session.
This is ... (continued)

7456 of 11352 relevant lines covered (65.68%)

51.59 hits per line

  • b0426c6b on github