auth0 · stevehobbsdev · Nov 8, 2019 · Nov 8, 2019
diff --git a/__tests__/index.test.ts b/__tests__/index.test.ts
@@ -1068,6 +1068,24 @@ describe('Auth0', () => {
         scope: 'test:scope',
         ignoreCache: true
       };
+
+      it('releases the lock when there is an error', async () => {
+        const { auth0, lock, utils } = await setup();
+
+        utils.runIframe.mockReturnValue(Promise.reject(new Error('Failed')));
+
+        await expect(auth0.getTokenSilently()).rejects.toThrowError('Failed');
+
+        expect(lock.acquireLockMock).toHaveBeenCalledWith(
+          GET_TOKEN_SILENTLY_LOCK_KEY,
+          5000
+        );
+
+        expect(lock.releaseLockMock).toHaveBeenCalledWith(
+          GET_TOKEN_SILENTLY_LOCK_KEY
+        );
+      });
+
       it('encodes state with random string', async () => {
         const { auth0, utils } = await setup();
 
@@ -1171,18 +1189,25 @@ describe('Auth0', () => {
           'https://test.auth0.com'
         );
       });
+
       it('throws error if state from popup response is different from the provided state', async () => {
-        const { auth0, utils } = await setup();
+        const { auth0, utils, lock } = await setup();
 
         utils.runIframe.mockReturnValue(
           Promise.resolve({
             state: 'other-state'
           })
         );
+
         await expect(
           auth0.getTokenSilently(defaultOptionsIgnoreCacheTrue)
         ).rejects.toThrowError('Invalid state');
+
+        expect(lock.releaseLockMock).toHaveBeenCalledWith(
+          GET_TOKEN_SILENTLY_LOCK_KEY
+        );
       });
+
       it('calls oauth/token with correct params', async () => {
         const { auth0, utils } = await setup();
 

diff --git a/src/Auth0Client.ts b/src/Auth0Client.ts
@@ -310,61 +310,81 @@ export default class Auth0Client {
   ) {
     options.scope = getUniqueScopes(this.DEFAULT_SCOPE, options.scope);
 
-    await lock.acquireLock(GET_TOKEN_SILENTLY_LOCK_KEY, 5000);
-    if (!options.ignoreCache) {
-      const cache = this.cache.get({
-        scope: options.scope,
-        audience: options.audience || 'default'
+    try {
+      await lock.acquireLock(GET_TOKEN_SILENTLY_LOCK_KEY, 5000);
+
+      if (!options.ignoreCache) {
+        const cache = this.cache.get({
+          scope: options.scope,
+          audience: options.audience || 'default'
+        });
+
+        if (cache) {
+          lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);
+          return cache.access_token;
+        }
+      }
+
+      const stateIn = encodeState(createRandomString());
+      const nonceIn = createRandomString();
+      const code_verifier = createRandomString();
+      const code_challengeBuffer = await sha256(code_verifier);
+      const code_challenge = bufferToBase64UrlEncoded(code_challengeBuffer);
+
+      const authorizeOptions = {
+        audience: options.audience,
+        scope: options.scope
+      };
+
+      const params = this._getParams(
+        authorizeOptions,
+        stateIn,
+        nonceIn,
+        code_challenge,
+        this.options.redirect_uri || window.location.origin
+      );
+
+      const url = this._authorizeUrl({
+        ...params,
+        prompt: 'none',
+        response_mode: 'web_message'
       });
-      if (cache) {
-        lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);
-        return cache.access_token;
+
+      const codeResult = await runIframe(url, this.domainUrl);
+
+      if (stateIn !== codeResult.state) {
+        throw new Error('Invalid state');
       }
-    }
-    const stateIn = encodeState(createRandomString());
-    const nonceIn = createRandomString();
-    const code_verifier = createRandomString();
-    const code_challengeBuffer = await sha256(code_verifier);
-    const code_challenge = bufferToBase64UrlEncoded(code_challengeBuffer);
-    const authorizeOptions = {
-      audience: options.audience,
-      scope: options.scope
-    };
-    const params = this._getParams(
-      authorizeOptions,
-      stateIn,
-      nonceIn,
-      code_challenge,
-      this.options.redirect_uri || window.location.origin
-    );
-    const url = this._authorizeUrl({
-      ...params,
-      prompt: 'none',
-      response_mode: 'web_message'
-    });
 
-    const codeResult = await runIframe(url, this.domainUrl);
-    if (stateIn !== codeResult.state) {
-      throw new Error('Invalid state');
+      const authResult = await oauthToken({
+        baseUrl: this.domainUrl,
+        audience: options.audience || this.options.audience,
+        client_id: this.options.client_id,
+        code_verifier,
+        code: codeResult.code
+      });
+
+      const decodedToken = this._verifyIdToken(authResult.id_token, nonceIn);
+
+      const cacheEntry = {
+        ...authResult,
+        decodedToken,
+        scope: params.scope,
+        audience: params.audience || 'default'
+      };
+
+      this.cache.save(cacheEntry);
+
+      ClientStorage.save('auth0.is.authenticated', true, {
+        daysUntilExpire: 1
+      });
+
+      return authResult.access_token;
+    } catch (e) {
+      throw e;
+    } finally {
+      lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);
     }
-    const authResult = await oauthToken({
-      baseUrl: this.domainUrl,
-      audience: options.audience || this.options.audience,
-      client_id: this.options.client_id,
-      code_verifier,
-      code: codeResult.code
-    });
-    const decodedToken = this._verifyIdToken(authResult.id_token, nonceIn);
-    const cacheEntry = {
-      ...authResult,
-      decodedToken,
-      scope: params.scope,
-      audience: params.audience || 'default'
-    };
-    this.cache.save(cacheEntry);
-    ClientStorage.save('auth0.is.authenticated', true, { daysUntilExpire: 1 });
-    lock.releaseLock(GET_TOKEN_SILENTLY_LOCK_KEY);
-    return authResult.access_token;
   }
 
   /**