Ensure the default URLSession for OAuth2Client is ephemeral #152
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Certain versions of macOS provides a
URLSession.shared
instance that uses a persistent URL cache, whereas newer versions do not. Since the/oauth2/v1/keys
endpoint has a long cache expiry (~= 10 days), when keys are rotated on the server, users may not be unable to sign in unless they clear the cache (or delete and reinstall the app).Since other parts of the SDK explicitly uses an ephemeral session already, this looks an oversight, so it’s good to make our uses of URLSession consistent across the SDK.