fix: tokens #113
Merged
fix: tokens #113
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4ndrelim
reviewed
Feb 5, 2026
Member
4ndrelim
left a comment
4ndrelim
left a comment
There was a problem hiding this comment.
Was investigating the bug too but saw you raised a PR before i did anything. So left some comments based on my udnerstanding. Seems like the right approach! Ill try to simulate some possible set-ups and test with ur fix.
4ndrelim
approved these changes
Feb 6, 2026
Member
4ndrelim
left a comment
4ndrelim
left a comment
There was a problem hiding this comment.
lgtm. This fix should resolve most of the 401 error bugs.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
1. Local Storage Not Updated
Access tokens and refresh tokens are only saved to local storage on login, subsequent token refreshes do not update local storage.
Example: User refreshes to a new token and exits Overleaf, the next time he re-opens PaperDebugger, it uses the old refresh token.
Proposed solution: Update authStore whenever tokens are set.
2. Race Conditions When Refreshing
PaperDebugger often calls multiple endpoints at the same time, which results in a race condition if the token needs to be refreshed.
Example:
v2/chats/modelsandv2/chats/conversationsare called at the same time, and the access token needs refreshing, the refresh endpoint is called twice. In some occasions, the frontend uses the 2nd refresh token received which differs from the one stored in the backend. This can be easily reproduced by setting the JWT expiration in the backend to a very short time.Proposed solution: Use a promise for
refresh().Unsure if this fixes the exact problem in #110