Merge commit from fork

chore:remove token request cache

Author: kelvinzhu-okta

src/server/client.ts

@@ -52,7 +52,6 @@ import {
 } from "./session/abstract-session-store.js";
 import { StatefulSessionStore } from "./session/stateful-session-store.js";
 import { StatelessSessionStore } from "./session/stateless-session-store.js";
-import { TokenRequestCache } from "./token-request-cache.js";
 import {
   TransactionCookieOptions,
   TransactionStore
@@ -366,9 +365,6 @@ export class Auth0Client {
   private domain: string;
   #options: Auth0ClientOptions;
 
-  // Cache for in-flight token requests to prevent race conditions
-  #tokenRequestCache = new TokenRequestCache();
-
   constructor(options: Auth0ClientOptions = {}) {
     this.#options = options;
     // Extract and validate required options
@@ -643,14 +639,7 @@ export class Auth0Client {
       };
     }
 
-    // Execute the token request with caching to avoid duplicate in-flight requests
-    return this.#tokenRequestCache.execute(
-      () => this.executeGetAccessToken(req, res, options),
-      {
-        options,
-        authorizationParameters: this.#options.authorizationParameters
-      }
-    );
+    return this.executeGetAccessToken(req, res, options);
   }
 
   /**

src/server/get-access-token-concurrent.test.ts

@@ -266,8 +266,11 @@ describe("Auth0Client - getAccessToken (Concurrent Calls)", () => {
     const accessToken1 = allAccessTokens.find((t) => t.audience === audience1);
     const accessToken2 = allAccessTokens.find((t) => t.audience === audience2);
 
-    // Expect only two tokens in the session, one per audience
-    expect(allAccessTokens).toHaveLength(2);
+    // NOTE: Without request deduplication (cache removed), concurrent calls with
+    // identical parameters will each execute independently. This means we may get
+    // multiple tokens saved for the same audience/scope combination, though they
+    // should have the same value. The test now verifies that all tokens are present.
+    expect(allAccessTokens.length).toBeGreaterThanOrEqual(2);
 
     expect(accessToken1).toBeDefined();
     expect(accessToken1!.accessToken).toBe(token1);