Fix concurrency issues

hashicorp · Aug 28, 2024 · 9d41927 · 9d41927
1 parent 816652c
commit 9d41927
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/.changelog/267.txt b/.changelog/267.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+Fixes concurrency issues while using a browser based token.
+```
diff --git a/auth/tokencache/tokensource.go b/auth/tokencache/tokensource.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"sync"
 	"time"
 
 	"golang.org/x/oauth2"
@@ -22,6 +23,10 @@ const (
 	minTTL = 15 * time.Second
 )
 
+var (
+	mutex sync.Mutex
+)
+
 // sourceType identities the type of token source.
 type sourceType = string
 
@@ -37,6 +42,14 @@ type cachingTokenSource struct {
 // Token implements the oauth2.TokenSource interface. It will read cached tokens from a file and based on their validity
 // return, refresh or replace them.
 func (source *cachingTokenSource) Token() (*oauth2.Token, error) {
+	// According to https://cs.opensource.google/go/x/oauth2/+/refs/tags/v0.22.0:oauth2.go;l=68-73
+	// Token must be safe for concurrent use by multiple goroutines.
+	// Additionally, terraform invoke the provider in a parallel manner. Without this synchronization,
+	// multiple Token exchange will happen. This also means that if user uses browser based token,
+	// it will opens the browser multiple times.
+	mutex.Lock()
+	defer mutex.Unlock()
+
 	// Read the cache information from the file, if it exists
 	cachedTokens, err := readCache(source.cacheFile)
 	if err != nil {