This repository was archived by the owner on Mar 16, 2025. It is now read-only.


@ireshmw

ireshmw commented Nov 20, 2021

Infinite loop of refreshToken() method calls if the auth server revokes the refresh token.

@okrad
Collaborator

okrad commented Dec 13, 2021

Hi @ireshmw, the current code looks correct to me, but I guess I'm not taking into consideration some edge cases.
Can you explain in which situation you get the infinite loop?

@ireshmw
Author

ireshmw commented Dec 14, 2021

Hi @okrad,
When you revoke the refresh token and auth token manually from your OAuth server, this error occurs. I have a Keycloak auth server, and when I revoked all the sessions, I faced this issue.

In this case, the most important modification for me was replacing tokenStorage.deleteToken(scopes ?? []); with tokenStorage.deleteAllTokens(), because tokenStorage.deleteToken(scopes ?? []); will not clear the refresh token completely, so it will try to refresh using the existing refresh token, and it keeps failing because I revoked the refresh token from the server.

I think you can check it if you try to recreate this problem as I mentioned.

@okrad
Collaborator

okrad commented Dec 29, 2021

I think what's most important to understand is why deleteToken doesn't clear the refresh token...
Could it be that the value of the scopes parameter when the deleteToken is called doesn't match with an actual stored token?

@scognito

I'm having the same issue of an infinite loop using Keycloak. It happens randomly; maybe some automatic rule revokes something.

pdivita pushed a commit to pdivita/oauth2_client that referenced this pull request Feb 22, 2022
…which often crashes (error 500) when a refresh token is requested
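
A self-contained Dart model of the failure mode discussed in this thread, added here as an illustration; it is not code from oauth2_client or from this pull request. The store, its lenient lookup paired with an exact-key delete, and every name in it are assumptions made for the example.

```dart
// Added illustration: a self-contained model, not oauth2_client's code.
// Every name below is hypothetical; the lookup/delete asymmetry is an assumption.
class RefreshRejected implements Exception {} // models an invalid_grant reply

class ScopedTokenStore {
  final Map<String, String> _byScopeKey = {}; // scope key -> refresh token
  String _key(List<String> scopes) => (List.of(scopes)..sort()).join(' ');

  void save(List<String> scopes, String refreshToken) =>
      _byScopeKey[_key(scopes)] = refreshToken;

  // Lenient lookup: any stored token whose scopes cover the requested ones.
  String? find(List<String> scopes) {
    for (final entry in _byScopeKey.entries) {
      final stored = entry.key.split(' ').toSet();
      if (stored.containsAll(scopes)) return entry.value;
    }
    return null;
  }

  // Exact-key delete: reports false when nothing matched.
  bool delete(List<String> scopes) => _byScopeKey.remove(_key(scopes)) != null;
  void deleteAll() => _byScopeKey.clear();
}

// Constructed server behaviour: all sessions were revoked.
String refreshAtServer(String refreshToken) => throw RefreshRejected();

// Returns an access token, or null when the user must sign in again.
String? getAccessToken(ScopedTokenStore store, List<String> scopes,
    {int maxAttempts = 3}) {
  for (var attempt = 0; attempt < maxAttempts; attempt++) {
    final refreshToken = store.find(scopes);
    if (refreshToken == null) return null; // nothing stale left to retry with
    try {
      return refreshAtServer(refreshToken);
    } on RefreshRejected {
      // Purge the rejected token; if the scoped delete missed, clear everything.
      if (!store.delete(scopes)) store.deleteAll();
    }
  }
  return null; // hard stop even if the purge failed
}

void main() {
  final store = ScopedTokenStore()..save(['openid', 'profile'], 'rt-constructed');
  // Requested scopes are a subset of the stored ones: find() hits, delete() misses.
  print(getAccessToken(store, ['openid']));
  print(store.find(['openid']));
}
```

Without the check on the result of delete() and the attempt cap, the same revoked refresh token would be found and retried on every pass.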