KEYCLOAK-668 Make sure keycloak.js doesn't send multiple concurrent requests to refresh the token

Stian Thorgersen 2014-09-09 13:45:55 +02:00
parent 839069ca15
commit c475721dab
2 changed files with 44 additions and 31 deletions


@ -33,18 +33,22 @@ angular.element(document).ready(function ($http) {
module.factory('authInterceptor', function($q, Auth) {
return {
request: function (config) {
var deferred = $q.defer();
if (Auth.authz.token) {
Auth.authz.updateToken(5).success(function() {
config.headers = config.headers || {};
config.headers.Authorization = 'Bearer ' + Auth.authz.token;
if (!config.url.match(/.html$/)) {
var deferred = $q.defer();
if (Auth.authz.token) {
Auth.authz.updateToken(5).success(function () {
config.headers = config.headers || {};
config.headers.Authorization = 'Bearer ' + Auth.authz.token;
deferred.resolve(config);
}).error(function() {
location.reload();
});
deferred.resolve(config);
}).error(function () {
location.reload();
});
}
return deferred.promise;
} else {
return config;
}
return deferred.promise;
}
};
});
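Review bot: When `Auth.authz.token` is unset, the `deferred` created in the non-`.html` branch is never resolved or rejected, so the request hangs instead of being sent or failed; the `.error` handler has the same gap, because it calls `location.reload()` without settling the promise. Adding `else { deferred.resolve(config); }` after the token check would let unauthenticated requests through to the server, which can then answer 401. Separately, the interceptor attaches `Authorization: Bearer …` to every request whose URL does not end in html, whatever the host, so an `$http` call to another origin would carry the access token; restricting the header to the application's own API base URL keeps the token scoped. The pattern `/.html$/` also leaves the dot unescaped, and `/\.html$/` is presumably what is meant. The +/- markers are lost in this rendering, so the new side is inferred from the duplicated lines.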


@ -7,6 +7,7 @@
var kc = this;
var adapter;
var refreshQueue = [];
var loginIframe = {
enable: true,
@ -237,31 +238,39 @@
var params = 'grant_type=refresh_token&' + 'refresh_token=' + kc.refreshToken;
var url = getRealmUrl() + '/tokens/refresh';
var req = new XMLHttpRequest();
req.open('POST', url, true);
req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
refreshQueue.push(promise);
if (kc.clientId && kc.clientSecret) {
req.setRequestHeader('Authorization', 'Basic ' + btoa(kc.clientId + ':' + kc.clientSecret));
} else {
params += '&client_id=' + encodeURIComponent(kc.clientId);
}
if (refreshQueue.length == 1) {
var req = new XMLHttpRequest();
req.open('POST', url, true);
req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
req.onreadystatechange = function() {
if (req.readyState == 4) {
if (req.status == 200) {
var tokenResponse = JSON.parse(req.responseText);
setToken(tokenResponse['access_token'], tokenResponse['refresh_token']);
kc.onAuthRefreshSuccess && kc.onAuthRefreshSuccess();
promise.setSuccess(true);
} else {
kc.onAuthRefreshError && kc.onAuthRefreshError();
promise.setError();
}
if (kc.clientId && kc.clientSecret) {
req.setRequestHeader('Authorization', 'Basic ' + btoa(kc.clientId + ':' + kc.clientSecret));
} else {
params += '&client_id=' + encodeURIComponent(kc.clientId);
}
};
req.send(params);
req.onreadystatechange = function () {
if (req.readyState == 4) {
if (req.status == 200) {
var tokenResponse = JSON.parse(req.responseText);
setToken(tokenResponse['access_token'], tokenResponse['refresh_token']);
kc.onAuthRefreshSuccess && kc.onAuthRefreshSuccess();
for (var p = refreshQueue.pop(); p != null; p = refreshQueue.pop()) {
p.setSuccess(true);
}
} else {
kc.onAuthRefreshError && kc.onAuthRefreshError();
for (var p = refreshQueue.pop(); p != null; p = refreshQueue.pop()) {
p.setError(true);
}
}
}
};
req.send(params);
}
}
}
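Review bot: The shared `refreshQueue` is drained only at the end of each status branch, so if `JSON.parse(req.responseText)`, `setToken` or the `kc.onAuthRefreshSuccess` callback throws, the queue stays non-empty and every later call fails the `refreshQueue.length == 1` test. From then on no refresh request is sent and all callers wait indefinitely while the access token expires. Detaching the waiters before any parsing, and treating a malformed response as a refresh error, keeps one bad response from wedging token refresh for the rest of the session. The enclosing function begins and ends outside this hunk, and the new side is inferred because the rendering dropped the +/- markers.

```javascript
req.onreadystatechange = function () {
    if (req.readyState != 4) {
        return;
    }
    // Detach the waiters first so a throw below cannot leave the queue non-empty.
    var waiters = refreshQueue.splice(0, refreshQueue.length);
    var ok = false;
    if (req.status == 200) {
        try {
            var tokenResponse = JSON.parse(req.responseText);
            setToken(tokenResponse['access_token'], tokenResponse['refresh_token']);
            ok = true;
        } catch (e) {
            ok = false;
        }
    }
    // … callbacks as before: kc.onAuthRefreshSuccess when ok, else kc.onAuthRefreshError …
    for (var i = 0; i < waiters.length; i++) {
        if (ok) {
            waiters[i].setSuccess(true);
        } else {
            waiters[i].setError(true);
        }
    }
};
```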