Race condition: immediate reauth prompt after sign-in #9011
Description
Description
After signing in (particularly via auth broker), the account panel sometimes immediately shows a "Reauthenticate now" prompt on one or more tenants. Clicking the button completes reauthentication without requiring credentials or account selection — the tokens are available, they just weren't ready when the subscription load ran.
Root Cause Analysis
The account panel's TenantViewModel.init() calls _loadSubscriptions() immediately after a new account is added. This triggers getAccountSubscriptions(), which requires token acquisition. If the identity service's token cache hasn't finished propagating the new account's tokens, the subscription load fails and _handleError() sets subscriptionsLoadError, which shows the warning UI with the reauthenticate button.
This is a classic race condition — the failure is intermittent and disappears when debugger breakpoints slow execution enough for the token cache to populate.
Reproduction
- Remove all accounts
- Sign in via auth broker (or any auth flow)
- Observe that one or more tenants may briefly show the reauthenticate prompt
- Click "Reauthenticate now" — succeeds without any credential entry
Not 100% reproducible; depends on timing between token cache population and subscription loading.
Possible Fixes
- Retry with backoff: If
_loadSubscriptions()fails for a just-added account, retry once after a short delay before showing the error UI - Defer tenant init: Delay
TenantViewModel.init()slightly for newly added accounts - Signal-based: Have the identity service emit an event when the token cache is fully populated, and only then trigger subscription loading
Affected Component
src/components/account-panel — TenantViewModel._loadSubscriptions()