github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 07:18:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[PR #5684] [CLOSED] fix(jwt): add mutex lock to JWT #23058

New Issue
Closed
opened 2026-04-15 21:27:23 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-15 21:27:23 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/better-auth/better-auth/pull/5684
Author: @okisdev
Created: 10/30/2025
Status: Closed

Base: canaryHead: fix(jwt)/concurrency-control

📝 Commits (4)

  • 0926bb3 fix(jwt): concurrency control
  • 2b312ea fix(jwt): concurrency control
  • ca8f9e4 fix(jwt): concurrency control
  • 5e3eb75 fix(jwt): concurrency control

📊 Changes

5 files changed (+398 additions, -13 deletions)

View changed files

📝 packages/better-auth/src/plugins/jwt/adapter.ts (+92 -0)
📝 packages/better-auth/src/plugins/jwt/index.ts (+6 -4)
📝 packages/better-auth/src/plugins/jwt/jwt.test.ts (+277 -0)
📝 packages/better-auth/src/plugins/jwt/sign.ts (+4 -5)
📝 packages/better-auth/src/plugins/jwt/utils.ts (+19 -4)

📄 Description

This PR adds a mutex lock to ensure concurrency safety for JWT.

This PR fixes #5663.

Summary by cubic

Adds application-level concurrency control for JWK creation to prevent duplicate keys when JWKS and token signing are called in parallel. Fixes #5663.

  • Bug Fixes

    • Serialize JWK creation with an app-level mutex.
    • Added adapter.getOrCreateLatestKey and use it in JWKS and signJWT paths.
    • Ensures only one latest key exists under concurrent requests.

  • Refactors

    • Split key generation into generateJwkData; createJwk now delegates to it.
    • Updated jwt/index and sign.ts to use the new adapter flow.
    • Added tests for concurrent JWKS, token signing, signJWT, and mixed scenarios.

Written for commit 5e3eb75a81. Summary will update automatically on new commits.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/better-auth/better-auth/pull/5684 **Author:** [@okisdev](https://github.com/okisdev) **Created:** 10/30/2025 **Status:** ❌ Closed **Base:** `canary` ← **Head:** `fix(jwt)/concurrency-control` --- ### 📝 Commits (4) - [`0926bb3`](https://github.com/better-auth/better-auth/commit/0926bb3e47e62a36c73bdb8243c2b7dc8c1061f4) fix(jwt): concurrency control - [`2b312ea`](https://github.com/better-auth/better-auth/commit/2b312ea8b9f7be90be16d737c669a4bf6bf1f149) fix(jwt): concurrency control - [`ca8f9e4`](https://github.com/better-auth/better-auth/commit/ca8f9e42d9bdf590f8be63a6b5047401c43ca6a1) fix(jwt): concurrency control - [`5e3eb75`](https://github.com/better-auth/better-auth/commit/5e3eb75a811e839d30416bc8ab36771281307078) fix(jwt): concurrency control ### 📊 Changes **5 files changed** (+398 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `packages/better-auth/src/plugins/jwt/adapter.ts` (+92 -0) 📝 `packages/better-auth/src/plugins/jwt/index.ts` (+6 -4) 📝 `packages/better-auth/src/plugins/jwt/jwt.test.ts` (+277 -0) 📝 `packages/better-auth/src/plugins/jwt/sign.ts` (+4 -5) 📝 `packages/better-auth/src/plugins/jwt/utils.ts` (+19 -4) </details> ### 📄 Description This PR adds a mutex lock to ensure concurrency safety for JWT. This PR fixes #5663. <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Adds application-level concurrency control for JWK creation to prevent duplicate keys when JWKS and token signing are called in parallel. Fixes #5663. - **Bug Fixes** - Serialize JWK creation with an app-level mutex. - Added adapter.getOrCreateLatestKey and use it in JWKS and signJWT paths. - Ensures only one latest key exists under concurrent requests. - **Refactors** - Split key generation into generateJwkData; createJwk now delegates to it. - Updated jwt/index and sign.ts to use the new adapter flow. - Added tests for concurrent JWKS, token signing, signJWT, and mixed scenarios. <sup>Written for commit 5e3eb75a811e839d30416bc8ab36771281307078. Summary will update automatically on new commits.</sup> <!-- End of auto-generated description by cubic. --> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-15 21:27:23 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#23058
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?