Only do 1 token update a time (#7236)

src/external_app/external_auth.ts

@@ -64,7 +64,13 @@ export class ExternalAuth extends Auth {
     });
   }
 
+  private _tokenCallbackPromise?: Promise<RefreshTokenResponse>;
+
   public async refreshAccessToken(force?: boolean) {
+    if (this._tokenCallbackPromise && !force) {
+      await this._tokenCallbackPromise;
+      return;
+    }
     const payload: GetExternalAuthPayload = {
       callback: CALLBACK_SET_TOKEN,
     };
@@ -72,14 +78,15 @@ export class ExternalAuth extends Auth {
       payload.force = true;
     }
 
-    const callbackPromise = new Promise<RefreshTokenResponse>(
+    this._tokenCallbackPromise = new Promise<RefreshTokenResponse>(
       (resolve, reject) => {
         window[CALLBACK_SET_TOKEN] = (success, data) =>
           success ? resolve(data) : reject(data);
       }
     );
 
-    await 0;
+    // we sleep 1 microtask to get the promise to actually set it on the window object.
+    await Promise.resolve();
 
     if (window.externalApp) {
       window.externalApp.getExternalAuth(JSON.stringify(payload));
@@ -87,10 +94,11 @@ export class ExternalAuth extends Auth {
       window.webkit!.messageHandlers.getExternalAuth.postMessage(payload);
     }
 
-    const tokens = await callbackPromise;
+    const tokens = await this._tokenCallbackPromise;
 
     this.data.access_token = tokens.access_token;
     this.data.expires = tokens.expires_in * 1000 + Date.now();
+    this._tokenCallbackPromise = undefined;
   }
 
   public async revoke() {
@@ -101,7 +109,8 @@ export class ExternalAuth extends Auth {
         success ? resolve(data) : reject(data);
     });
 
-    await 0;
+    // we sleep 1 microtask to get the promise to actually set it on the window object.
+    await Promise.resolve();
 
     if (window.externalApp) {
       window.externalApp.revokeExternalAuth(JSON.stringify(payload));