Convex CommunityCCConvex Community
Powered by
TristanT
Convex Community•2y ago
Tristan

Race conditions with single use refresh tokens for Convex Auth

I'm trying to prototype refreshing Convex Auth tokens from my backend, to support server side rendering and data fetching. I'm able to do this by setting cookies instead of use local storage, but am struggling to avoid race conditions for the refresh token. There a few differen scenarious where multiple requests come it at the same time onto different servers. The servers notice the JWT is about to expire (I'm faking 10 seconds expire) and then call the signIn action with the refresh token. This often causes the user to log out because (I believe) the second refresh fails due to reusing the refresh token quickly. I've tried deduping the refresh calls, but this is not straightforward with multiple requests/servers/reloads so it's still flaky.

Two questions:

1. Is it correct that the refresh token can only be used once, with no buffer in time?
2. With single use refresh tokens, is there a recommended approach to avoiding a race condition? There's a lot of things involved (multiple windows, multiple requests, multiple backend servers, etc) so coordination is hard.
Convex Community banner
Convex CommunityJoin
Join the Convex Discord! Explore Convex, the backend platform that keeps your app in sync.
15,010Members
Resources
Recent Announcements

Similar Threads

Was this page helpful?
Recent Announcements
james

Hi @everyone with everything going on today I forgot to post on discord about our EU launch! We have a region in Dublin now! You can start using it immediately, even for folks on the free plan. https://news.convex.dev/we-finally-got-our-eu-visa/ Stay tuned for more regions but also stay tuned for more infra improvements where we improve latency for teams no matter where their servers are located. Just at the tip of the iceberg re all the optimizations we have lined up.

james · this hour

Wayne

Hi @everyone happy Monday. Components Authoring [Challenge](https://www.convex.dev/components/challenge) updates! Meet the second batch of community-approved components **Firecrawl Scrape **- Scrape any URL and get clean markdown, HTML, screenshots, or structured JSON - with durable caching and reactive queries. https://www.convex.dev/components/firecrawl-scrape Built by: Gitmaxd **Durable Agents **- A Convex component for building durable AI agents with an async tool loop. https://www.convex.dev/components/durable-agents Built by: Siegfried **Convex Debouncer** - A server-side debouncing component for debouncing expensive operations like LLM calls, metrics computation, or any heavy processing that should only run after a period of inactivity. https://www.convex.dev/components/debouncer Built by: Ilya **DatabaseChat **- A Convex component for adding natural language database queries to your app. https://www.convex.dev/components/database-chat Built by: Nick **Transloadit** - A Convex component for creating Transloadit Assemblies, handling resumable uploads with status, and persisting status/results in Convex. https://www.convex.dev/components/transloadit Built by: Kvz **Loops** - A Convex component for integrating with Loops.so email marketing platform. https://www.convex.dev/components/loops Built by: Bobby The [challenge](https://www.convex.dev/components/challenge) is now ongoing, so keep building, and we'll keep rewarding. Thanks, everyone!

Wayne · 2w ago

Liz C

Hi everyone! Have you ever wanted to get your hands on some convex swag? Well you're in luck! We just launched our Convex swag store. Check it out here ---> https://store.convex.dev/

Liz C · 3w ago

Similar Threads

Convex Auth Sessions/Refresh Tokens
MrodMMrod / support-community
2y ago
nextauth auth with convex tokens
Tiago FreitasTTiago Freitas / support-community
12mo ago
Clerk + Convex Custom Sign-up Flow Race Conditions
Critically TalentedCCritically Talented / support-community
10mo ago
Question about race conditions
BarisBBaris / support-community
2y ago