Open
Labels: bug, help wanted
Description
When a user has multiple tabs of an application open, and the refresh token is stored in either the session- or the local storage, both windows will try to use the refresh token at the same time.
This is an issue when the OIDC server uses refresh token rotation (which is a requirement to be able to store refresh tokens on the client), as whichever request goes through after the first will fail due to a deactivated refresh token.
The OIDC client should create a lock in the storage, so that only one client performs the refresh, while the other clients wait for the result of that client.
atmeshwar-classic, atomicbrainman, lneves12, flyte, nikosalonen and 32 more
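The race described above and the proposed lock, as an added example that is not part of the original issue or the library's code: a synchronous Node.js simulation in which the rotating server, the shared storage object and every function name are constructed for illustration.

```javascript
// Constructed simulation (hypothetical names). Rotation: each refresh token is valid once.
function makeServer() {
  let n = 0, calls = 0;
  return {
    refresh(token) {
      calls++;
      if (token !== `rt-${n}`) return { ok: false, error: "invalid_grant" };
      return { ok: true, refresh_token: `rt-${++n}` };
    },
    calls: () => calls,
  };
}

// One tab. read() and send() are separate steps so two tabs can interleave.
function makeTab(id, storage, server) {
  let held = null;
  return {
    read() { held = storage.refresh_token; },
    send() {
      const res = server.refresh(held);
      if (res.ok) storage.refresh_token = res.refresh_token;
      return res.ok;
    },
    tryLock() {
      if (storage.refresh_lock) return false; // another tab is refreshing
      storage.refresh_lock = id;
      return true;
    },
    unlock() { if (storage.refresh_lock === id) delete storage.refresh_lock; },
  };
}

// No coordination: both tabs read rt-0, the second request is rejected.
function raceWithoutLock() {
  const storage = { refresh_token: "rt-0" }, server = makeServer();
  const a = makeTab("A", storage, server), b = makeTab("B", storage, server);
  a.read(); b.read();
  return { results: [a.send(), b.send()], calls: server.calls() };
}

// With a lock: B cannot acquire it, waits, then picks up A's stored result.
function raceWithLock() {
  const storage = { refresh_token: "rt-0" }, server = makeServer();
  const a = makeTab("A", storage, server), b = makeTab("B", storage, server);
  const aHasLock = a.tryLock(); a.read();
  const bHasLock = b.tryLock(); // false: A holds the lock
  const aOk = a.send(); a.unlock();
  const bToken = bHasLock ? null : storage.refresh_token; // B reuses A's result
  return { aHasLock, bHasLock, aOk, bToken, calls: server.calls() };
}
```

In a real browser a check-then-set on `localStorage` is not atomic across tabs, so the lock step itself can race. The Web Locks API (`navigator.locks.request`) gives same-origin tabs a proper mutex for this.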