Curse you users who do that same thing in 2 browser tabs.

Log in to the same site with 2 different usernames?

#tokenfuckers

@ojt-rant var tokens [..] and then random token each time

System played ez

@joewilliams007 I'll be in jwt hell

Well, the second time it just returns an error because the state doesn't match. So what?

I often do that especially in online shops because how else would you compare two similar items for deciding which one to buy?

@ojt-rant jwt is already hell, java hell.

@max19931 I have an NPM package that automates refresh token rotation with coordinated renewal across any number of browser tabs (or any other agents that share a state that supports either change events or atomic replace, both of which can be used to implement a mutex lock)

It was a stupid amount of work but it's done and I get to use it in every project ever.

The name is simple-rtr if you want to save some misery (or share it with someone in case I have bugs though I do have a couple tests). The name is legacy, it's a single ridiculously complex state machine.

The reason I needed all that absurd effort is that although localStorage is synchronous its variant for webextension-donated content-scripts isn't, and at the time I was making an extension that shipped a single globally executed content-script because it needed to hook into all websites and load fact check annotations from a central server.

Good luck with that stateful approach.