npm - @medplum/core - Versions diffs - 5.1.10 → 5.1.11 - Mend

@medplum/core 5.1.10 → 5.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cjs/index.d.ts CHANGED Viewed

@@ -4999,10 +4999,27 @@ export declare class MedplumClient extends TypedEventTarget<MedplumClientEventMa
     refreshIfExpired(gracePeriod?: number): Promise<void>;
     /**
      * Tries to refresh the auth tokens.
+     *
+     * When `navigator.locks` is available, the network call is wrapped in a Web Lock
+     * scoped to this client's storage namespace. This serializes refresh attempts across
+     * browser tabs/windows on the same origin so a single-use refresh token is not
+     * consumed by more than one tab. Tabs that wait on the lock re-read the latest
+     * tokens from storage when they acquire it and skip the network call if another tab
+     * has already refreshed.
+     *
+     * @param gracePeriod - Optional grace period in milliseconds threaded through to the post-lock authentication check.
      * @returns The refresh promise if available; otherwise undefined.
      * @see https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens
      */
     private refresh;
+    /**
+     * Acquires a cross-tab Web Lock (when available) and performs the token refresh.
+     * Tabs that wait on the lock check storage on acquisition and skip the network call
+     * if a peer tab has already produced a fresh access token.
+     * @param gracePeriod - Optional grace period in milliseconds used by the post-lock authentication check to decide whether the current token still has enough life left to skip the network refresh.
+     * @returns Promise that resolves when the refresh (or short-circuit) is complete.
+     */
+    private runRefreshWithLock;
     /**
      * Starts a new OAuth2 client credentials flow.
      *

package/dist/esm/index.d.ts CHANGED Viewed

@@ -4999,10 +4999,27 @@ export declare class MedplumClient extends TypedEventTarget<MedplumClientEventMa
     refreshIfExpired(gracePeriod?: number): Promise<void>;
     /**
      * Tries to refresh the auth tokens.
+     *
+     * When `navigator.locks` is available, the network call is wrapped in a Web Lock
+     * scoped to this client's storage namespace. This serializes refresh attempts across
+     * browser tabs/windows on the same origin so a single-use refresh token is not
+     * consumed by more than one tab. Tabs that wait on the lock re-read the latest
+     * tokens from storage when they acquire it and skip the network call if another tab
+     * has already refreshed.
+     *
+     * @param gracePeriod - Optional grace period in milliseconds threaded through to the post-lock authentication check.
      * @returns The refresh promise if available; otherwise undefined.
      * @see https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens
      */
     private refresh;
+    /**
+     * Acquires a cross-tab Web Lock (when available) and performs the token refresh.
+     * Tabs that wait on the lock check storage on acquisition and skip the network call
+     * if a peer tab has already produced a fresh access token.
+     * @param gracePeriod - Optional grace period in milliseconds used by the post-lock authentication check to decide whether the current token still has enough life left to skip the network refresh.
+     * @returns Promise that resolves when the refresh (or short-circuit) is complete.
+     */
+    private runRefreshWithLock;
     /**
      * Starts a new OAuth2 client credentials flow.
      *