Skip to content

fix: retry token refresh once on rate limit#39

Open
nicknisi wants to merge 3 commits into
mainfrom
fix/rate-limit-retry
Open

fix: retry token refresh once on rate limit#39
nicknisi wants to merge 3 commits into
mainfrom
fix/rate-limit-retry

Conversation

@nicknisi
Copy link
Copy Markdown
Member

@nicknisi nicknisi commented May 28, 2026

Summary

  • Catches RateLimitExceededException in refreshTokens() and retries once after honoring the Retry-After delay
  • Delay is clamped to 1–10s (defaults to 1s when retryAfter is null or non-finite)
  • Retry lives inside the existing dedup promise, so all concurrent in-process waiters share the result
  • Fixes cross-pod race condition where stateless multi-pod deployments (no LB session affinity) hit rate limits during concurrent token refresh

Context: Customer reported RateLimitExceededException during rolling deploys. Multiple pods read the same expired cookie and call authenticateWithRefreshToken simultaneously. The existing in-flight dedup (PR #33) handles within a single process, but cross-pod races still trigger rate limiting. WorkOS accepts reused refresh tokens within a ~10-30s grace window, so a single retry after the rate limit delay succeeds.

Test plan

  • pnpm build passes
  • All 255 tests pass (8 new rate-limit retry tests)
  • Tests cover: basic retry, retryAfter honored, null fallback, double rate limit, 10s cap, non-finite values, non-rate-limit retry error, concurrent dedup sharing

@nicknisi
fix: retry token refresh once on rate limit
8661f1f 
Multi-pod stateless deployments without session affinity can race on
token refresh — multiple pods read the same expired cookie and call
authenticateWithRefreshToken simultaneously. WorkOS accepts reused
refresh tokens within a grace window (~10-30s), but rate limiting
can still reject some of these concurrent calls.

Catch RateLimitExceededException inside the existing dedup promise and
retry once after the Retry-After delay (clamped 1-10s, default 1s).
All concurrent in-process waiters share the single retry result.
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 28, 2026
edited
Loading

Greptile Summary

This PR adds a one-time retry on RateLimitExceededException inside refreshTokens(), honoring the Retry-After header (clamped to 1–10 s, defaulting to 1 s for null/non-finite values). Because the retry runs inside the existing in-flight dedup promise, all concurrent within-process callers automatically share the outcome.

  • Rate-limit retry logic (AuthKitCore.ts): An inner attempt() helper is extracted and called twice when a RateLimitExceededException is caught; the original error is threaded into the failure cause chain via retryError.cause = error before the final TokenRefreshError is thrown.
  • Test coverage (AuthKitCore.spec.ts): Eight new tests with vi.useFakeTimers() validate the retry, delay clamping, null/Infinity fallback, double-rate-limit cause chain, non-rate-limit retry errors, and concurrent dedup sharing—all 255 tests pass.

Confidence Score: 5/5

Safe to merge — the retry path is well-isolated inside the existing dedup promise, delay clamping is correct, and the full error cause chain is preserved and test-verified.

The change is narrowly scoped: one new catch branch with a single retry and a bounded delay. The in-flight dedup map correctly keeps the promise alive through the wait period so no duplicate retries can race within a process. Eight dedicated tests—including fake-timer assertions on the exact delay boundaries and a cause-chain inspection—give high confidence the behavior is correct under all exercised edge cases.

No files require special attention.

Important Files Changed

Filename Overview
src/core/AuthKitCore.ts Adds one-time retry with clamped delay (1–10 s) on RateLimitExceededException; retry lives inside the existing in-flight dedup promise so concurrent waiters share the result; error cause chain is preserved by mutating retryError.cause before re-wrapping.
src/core/AuthKitCore.spec.ts Adds 8 new focused tests covering: basic retry, honoured retryAfter, null/non-finite fallback to 1 s, 10 s cap, double rate-limit cause chain, non-rate-limit retry error, and concurrent dedup sharing; all paths exercised with fake timers.

Sequence Diagram

 
sequenceDiagram
    participant C1 as Caller A
    participant C2 as Caller B (concurrent)
    participant RTC as refreshTokens()
    participant MAP as inflightRefreshes map
    participant WOS as WorkOS API

    C1->>RTC: refreshTokens('rt-1')
    RTC->>MAP: set('rt-1', promise)
    C2->>RTC: refreshTokens('rt-1')
    RTC->>MAP: get('rt-1') → existing promise
    C2-->>RTC: awaits same promise

    RTC->>WOS: authenticateWithRefreshToken()
    WOS-->>RTC: "RateLimitExceededException (retryAfter=5s)"

    Note over RTC: clamp delay → min(5,10)=5s<br/>await setTimeout(5000)

    RTC->>WOS: authenticateWithRefreshToken() [retry]
    WOS-->>RTC: "{ accessToken, refreshToken, user }"

    RTC-->>MAP: cleanup → delete('rt-1')
    RTC-->>C1: result
    RTC-->>C2: result (same promise)
Loading

Reviews (3): Last reviewed commit: "fix: preserve original rate-limit error ..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 28, 2026
View reviewed changes
Comment thread src/core/AuthKitCore.ts
Comment thread src/core/AuthKitCore.ts
devin-ai-integration[bot]
devin-ai-integration Bot reviewed May 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

Open in Devin Review

nicknisi added 2 commits May 28, 2026 10:49
@nicknisi
fix: clamp retryAfter and apply formatting
3a215c2 
Validate retryAfter is finite and positive, cap at 10s to prevent
holding the dedup entry too long. Default to 1s for null/non-finite
values. Add tests for edge cases: large values, Infinity, and
non-rate-limit errors on retry. Run oxfmt.
@nicknisi
fix: preserve original rate-limit error in cause chain
77a3256 
When the retry also fails, attach the original RateLimitExceededException
as the cause of retryError so the full sequence is visible:
TokenRefreshError → retryError → RateLimitExceededException (original).

Addresses Greptile review feedback on PR #39.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nicknisi