Add 'lock' to prevent getTokenSilently to be invoked in parallel

__mocks__/browser-tabs-lock/index.ts

@@ -0,0 +1,7 @@
+export const acquireLockMock = jest.fn();
+export const releaseLockMock = jest.fn();
+
+export default class FakeLock {
+  acquireLock = acquireLockMock;
+  releaseLock = releaseLockMock;
+}

__tests__/index.test.ts

@@ -1,3 +1,4 @@
+jest.mock('browser-tabs-lock');
 jest.mock('../src/jwt');
 jest.mock('../src/storage');
 jest.mock('../src/cache');
@@ -9,6 +10,7 @@ import createAuth0Client from '../src/index';
 import { AuthenticationError } from '../src/errors';
 import version from '../src/version';
 import { DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS } from '../src/constants';
+const GET_TOKEN_SILENTLY_LOCK_KEY = 'auth0.lock.getTokenSilently';
 
 const TEST_DOMAIN = 'test.auth0.com';
 const TEST_CLIENT_ID = 'test-client-id';
@@ -49,6 +51,7 @@ const setup = async (options = {}) => {
     save: require('../src/storage').save,
     remove: require('../src/storage').remove
   };
+  const lock = require('browser-tabs-lock');
   const cache = getInstance('../src/cache');
   const tokenVerifier = require('../src/jwt').verify;
   const transactionManager = getInstance('../src/transaction-manager');
@@ -84,7 +87,15 @@ const setup = async (options = {}) => {
       aud: TEST_CLIENT_ID
     }
   });
-  return { auth0, storage, cache, tokenVerifier, transactionManager, utils };
+  return {
+    auth0,
+    storage,
+    cache,
+    tokenVerifier,
+    transactionManager,
+    utils,
+    lock
+  };
 };
 
 describe('Auth0', () => {
@@ -945,6 +956,19 @@ describe('Auth0', () => {
 
         expect(token).toBe(TEST_ACCESS_TOKEN);
       });
+      it('acquires and releases lock when there is a cache', async () => {
+        const { auth0, cache, lock } = await setup();
+        cache.get.mockReturnValue({ access_token: TEST_ACCESS_TOKEN });
+
+        await auth0.getTokenSilently();
+        expect(lock.acquireLockMock).toHaveBeenCalledWith(
+          GET_TOKEN_SILENTLY_LOCK_KEY,
+          5000
+        );
+        expect(lock.releaseLockMock).toHaveBeenCalledWith(
+          GET_TOKEN_SILENTLY_LOCK_KEY
+        );
+      });
       it('continues method execution when there is no cache available', async () => {
         const { auth0, utils } = await setup();
 
@@ -1122,6 +1146,19 @@ describe('Auth0', () => {
           { daysUntilExpire: 1 }
         );
       });
+      it('acquires and releases lock', async () => {
+        const { auth0, lock } = await setup();
+
+        await auth0.getTokenSilently(defaultOptionsIgnoreCacheTrue);
+
+        expect(lock.acquireLockMock).toHaveBeenCalledWith(
+          GET_TOKEN_SILENTLY_LOCK_KEY,
+          5000
+        );
+        expect(lock.releaseLockMock).toHaveBeenCalledWith(
+          GET_TOKEN_SILENTLY_LOCK_KEY
+        );
+      });
     });
   });
   describe('getTokenWithPopup()', async () => {

package.json

@@ -69,6 +69,7 @@
     "wait-on": "^3.3.0"
   },
   "dependencies": {
+    "browser-tabs-lock": "^1.1.9",
     "core-js": "^3.2.1",
     "es-cookie": "^1.2.0",
     "fast-text-encoding": "^1.0.0",

src/Auth0Client.ts

@@ -1,3 +1,5 @@
+import Lock from 'browser-tabs-lock';
+
 import {
   getUniqueScopes,
   createQueryParams,
@@ -20,6 +22,9 @@ import * as ClientStorage from './storage';
 import { DEFAULT_POPUP_CONFIG_OPTIONS } from './constants';
 import version from './version';
 
+const lock = new Lock();
+const GET_TOKEN_SILENTLY_LOCK_KEY = 'auth0.lock.getTokenSilently';
+
 /**
  * Auth0 SDK for Single Page Applications using [Authorization Code Grant Flow with PKCE](https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce).
  */
@@ -295,12 +300,15 @@ export default class Auth0Client {
     }
   ) {
     options.scope = getUniqueScopes(this.DEFAULT_SCOPE, options.scope);
+
+    await lock.acquireLock(GET_TOKEN_SILENTLY_LOCK_KEY, 5000);
     if (!options.ignoreCache) {
       const cache = this.cache.get({
         scope: options.scope,
         audience: options.audience || 'default'
       });
       if (cache) {
+        lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);
         return cache.access_token;
       }
     }
@@ -346,6 +354,7 @@ export default class Auth0Client {
     };
     this.cache.save(cacheEntry);
     ClientStorage.save('auth0.is.authenticated', true, { daysUntilExpire: 1 });
+    lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);
     return authResult.access_token;
   }
 

static/index.html

@@ -59,11 +59,13 @@
               });
             });
             $('#getToken').click(function() {
-              auth0.getTokenSilently().then(function(token) {
-                alert(token);
+              Promise.all([
+                auth0.getTokenSilently({ ignoreCache: true }),
+                auth0.getTokenSilently({ ignoreCache: true })
+              ]).then(function([token1, token2]) {
+                console.log(token1, token2);
               });
             });
-
             $('#getTokenPopup').click(function() {
               auth0
                 .getTokenWithPopup({