Lifecycle Refresh fail causes infinite loop and browser freeze

[sarath-sasikumar]

I am using the lifecycle refresh API using authClient.session.refresh() function. However, when the API fails, in certain times, it causes the browser to freeze.

I'm submitting this issue for the package(s):

• jwt-verifier
• okta-angular
• oidc-middleware
• okta-react
• okta-react-native

I'm submitting a:

• Bug report
• Feature request
• Other (Describe below)

Current behavior

The failure of the API causes the browser to freeze.

Expected behavior

The refresh token failure should not lead to browser freeze and should be ignored.

Minimal reproduction of the problem with instructions

This is the error encountered.
After this the browser freezes.

Extra information about the use case/user story you are trying to implement

Current idToken refresh operation requires the OKTA session to be valid. However, I do not want to increase the OKTA session for just one specific application. So, I am refreshing the OKTA session at certain intervals using the refresh operation, which helps in the idToken to be refreshed whenever it expires. This works most of the times, however in certain scenarios when the refresh operation fails, the browser freezes ( hits an infinite loop )

Environment

• Package Version: 3.0.4
• Browser: Google Chrome
• OS: Windows
• Node version (node -v): 10.15.3

[shuowu]

@sarath-sasikumar The authClient.session.refresh api is barely calling the session refresh api (https://github.com/okta/okta-auth-js/blob/master/lib/session.ts#L58). And a 404 response means the session you were trying to refresh is not valid (https://developer.okta.com/docs/reference/api/sessions/#refresh-session).

I suspect there is some UI logic that has been triggered when the session expired, like you may listen on the error event, or provided customized callbacks.

If you can reach out to our support team at [email protected] you can share details of your configuration and they can help us find out what is happening.