From 9b81a8e37e8c1f01acd7e4be8d8a70e1e4e5387f Mon Sep 17 00:00:00 2001 From: Catherine Renelle <32781029+catrenelle@users.noreply.github.com> Date: Tue, 10 Feb 2026 20:02:07 -0500 Subject: [PATCH] Fix auth refresh retry loop on expired tokens The 401 interceptor was re-triggering itself when the refresh call also returned 401, causing repeated requests before eventually logging out. Add guards to skip refresh for the refresh endpoint itself and prevent any request from retrying more than once. Co-Authored-By: Claude Opus 4.6 --- frontend/src/services/api.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/frontend/src/services/api.ts b/frontend/src/services/api.ts index f106d86..3c47c87 100644 --- a/frontend/src/services/api.ts +++ b/frontend/src/services/api.ts @@ -18,12 +18,14 @@ api.interceptors.request.use(config => { api.interceptors.response.use( response => response, async error => { - if (error.response?.status === 401) { + const originalRequest = error.config + if (error.response?.status === 401 && !originalRequest._retry && !originalRequest.url?.includes('/auth/refresh')) { + originalRequest._retry = true const authStore = useAuthStore() try { await authStore.refreshToken() - error.config.headers.Authorization = `Bearer ${authStore.token}` - return api(error.config) + originalRequest.headers.Authorization = `Bearer ${authStore.token}` + return api(originalRequest) } catch { authStore.logout() router.push('/login')