-
Notifications
You must be signed in to change notification settings - Fork 433
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tokens don't manage to refresh within 3 seconds when oidc provider is under a high load #891
Comments
Hello @Nikitakun Please check source code for more details. |
Hello @Expelz, @damienbod thanks for the feedback! I have debugged it some more and came up with a step by step explanation on how the bug occurs:
That is how it works for me. I believe, it would be essential to have this 3 seconds interval configurable! |
@Nikitakun, you are right! There is the problem with such implementation. I suppose that these line should be removed: Lines 88 to 90 in 1e9f3fb
But then we will be faced with infinite silent renew process running, so it's not an option. Need to investigate possible solutions to this problem. Please share some ideas about it. P.S.: I think TOKEN_REFRESH_INTERVALL_IN_SECONDS as configurable value it's only workarond to the problem. |
@Expelz, I do agree that making the interval value optionally configurable would be the easiest solution, and potentially the best one, because it wouldn't fiddle with any core logic. @damienbod, will it be possible to have this introduced in an upcoming release? |
@Nikitakun @Expelz Thanks for taking to time to anaylse this problem. I will add this, hopefully today. |
released now in 11.2.3, thanks for you help |
Describe the bug
When our IdentityServer4 is under a high load, refreshing tokens might take more than 3 seconds, in which case the library would cancel the previous token refresh request and start a new one, only increasing load on the server, thus never getting the token refreshed.
Expected behavior
It would be helpful to have the token refresh interval configurable so as to set a custom interval value in case 3 seconds is not enough to process a refresh.
The
TOKEN_REFRESH_INTERVALL_IN_SECONDS
inOidcSecurityService
could be used as the default/fallback value in case it wasn't supplied in the config.Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: