Description
Current behavior
When the OAuth2 library is already processing a refresh token exchange via doExchangeRefreshToken, any subsequent call initiated before the first asynchronous operation completes will fail with the alreadyExchangingRefreshToken error. Applications must handle this scenario by ensuring no additional exchange requests are triggered while an existing refresh token exchange is in progress.
Issue
Since the OAuth2 client instance is accessible from multiple components of the parent application, particularly when multiple "audience" clients each require their own refresh token, concurrent calls to doExchangeRefreshToken may occur. This makes it challenging to synchronize these calls and enforce sequential execution.
Solution
The proposed solution is to handle such situations internally within the library. Since doExchangeRefreshToken is asynchronous, we can safely defer its execution if there is another ongoing call in progress, following the FIFO principle.
A similar approach is already implemented in the library within the OAuth2DataLoader class. In cases where authorization is still in progress and an endpoint requires a fresh access token, the request is added to a FIFO queue and executed only after the current authorization process is completed.
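
One way to implement the FIFO deferral described above, as an added example that is not the library's or this change's own code. `SerialExchangeQueue`, its methods, the audience ids and the stand-in exchange are hypothetical; the real doExchangeRefreshToken signature is not assumed, and the code targets the Swift 5 language mode.

```swift
import Foundation

// Hypothetical helper (not the library's code): runs callback-based
// exchanges one at a time, in submission (FIFO) order.
final class SerialExchangeQueue {
    typealias Completion = (Result<String, Error>) -> Void
    typealias Exchange = (@escaping Completion) -> Void

    private let lock = NSLock()
    private var pending: [(Exchange, Completion)] = []
    private var isExchanging = false

    // Start `exchange` now if idle; otherwise defer it behind the running one.
    func submit(_ exchange: @escaping Exchange, completion: @escaping Completion) {
        lock.lock()
        let startNow = !isExchanging
        if startNow { isExchanging = true } else { pending.append((exchange, completion)) }
        lock.unlock()
        if startNow { run(exchange, completion) }
    }

    private func run(_ exchange: Exchange, _ completion: @escaping Completion) {
        exchange { result in
            completion(result)   // each caller receives its own result or error
            self.startNext()     // a failed exchange does not stall the queue
        }
    }

    private func startNext() {
        lock.lock()
        let next: (Exchange, Completion)? = pending.isEmpty ? nil : pending.removeFirst()
        if next == nil { isExchanging = false }
        lock.unlock()
        if let (exchange, completion) = next { run(exchange, completion) }
    }
}

// Constructed demo: three "audience" exchanges submitted back to back.
let queue = SerialExchangeQueue()
let done = DispatchGroup()
for audience in ["api-a", "api-b", "api-c"] {   // constructed audience ids
    done.enter()
    queue.submit({ finish in
        // Stand-in for the network exchange; completes after 100 ms.
        DispatchQueue.global().asyncAfter(deadline: .now() + 0.1) {
            finish(.success("token-for-\(audience)"))
        }
    }, completion: { result in print(audience, result); done.leave() })
}
done.wait()
```

The lock is released before any callback runs, so a completion handler that submits another exchange re-enters `submit` without deadlocking.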