We have enabled token refresh. When opening the app, we do a request to our userinfo endpoint to get some information from the user.
If the user hasn't been on our page for a while, the token refresh kicks in right away and gets a new token right away. This works fine, but it may be faster than the request of the /userinfo endpoint, which then fails due to an invalid access token (as the refresh invalidated the old access token).
To Reproduce
Steps to reproduce the behavior:
1. Create an app that requests anything from an endpoint in the APP_INITIALIZER.
2. Enable silent_refresh and set the factor to a very low value, so that you always hit the token refresh when you open the app (otherwise you would need to wait until the token needs to be refreshed...).
3. Load the page a few times and you will hit a 401 from the API.
Expected behavior
While a token refresh is in progress, it should hold back requests.
Desktop (please complete the following information):
OS: Windows
Browser: All (Chrome, Firefox, Safari, ...)
Version: Latest
Additional context
I've already included the changes from the following PR: #1423
This may be related to the configuration of the authentication server. Zitadel, e.g., immediately invalidates tokens if you get a new one; others may not, in which case this would not be a problem!
Overall: Is this library still maintained? I'm a bit surprised to see bugs like this or the one fixed by the PR mentioned above in a library as popular as this.
sschoeb changed the title from "Interceptor is not save agains silent refreshes" to "Interceptor is not save against token refresh if tokens are invalidated immediately" on Oct 25, 2024
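The race described in the report, and the requested "hold back requests while a refresh is in progress" behaviour, as a framework-free sketch. This is an added example, not code from the library or from the reporter; `FakeAuthServer`, `TokenGate`, `loadApp` and the latencies are constructed for illustration.

```javascript
const delay = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Constructed stand-in for an authorization server that invalidates the old
// access token as soon as a refresh issues a new one (latencies are made up).
class FakeAuthServer {
  constructor() { this.serial = 1; this.valid = "token-1"; }
  async refresh() {
    await delay(10);                       // the refresh answers quickly...
    this.valid = `token-${++this.serial}`; // ...and the old token dies here
    return this.valid;
  }
  async userinfo(token) {
    await delay(30);                       // the API call arrives later
    return token === this.valid ? 200 : 401;
  }
}

// Hypothetical gate: single-flight refresh, and token reads wait for it.
class TokenGate {
  constructor(initialToken) { this.token = initialToken; this.pending = null; }
  refresh(doRefresh) {
    if (!this.pending) {
      this.pending = doRefresh()
        .then((token) => (this.token = token))
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }
  async currentToken() {
    while (this.pending) {
      // A failed refresh is reported to whoever called refresh(); here we
      // only wait for it to settle and then hand out the token we have.
      try { await this.pending; } catch { /* settled with an error */ }
    }
    return this.token;
  }
}

// App start as in the report: the refresh kicks in, then a startup request
// to /userinfo is made while that refresh is still in flight.
async function loadApp(useGate) {
  const server = new FakeAuthServer();
  const gate = new TokenGate("token-1");
  const refreshed = gate.refresh(() => server.refresh());
  const token = useGate ? await gate.currentToken() : gate.token;
  const status = await server.userinfo(token);
  await refreshed;
  return { sentWith: token, status };
}

// Ungated start sends token-1 and gets 401; gated start sends token-2, 200.
Promise.all([loadApp(false), loadApp(true)]).then((r) => console.log(r));
```

The gate only covers requests that start while a refresh is pending; a request already sent with the old token before the refresh began still needs a retry on 401.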