test(integration): use page.clock for proactive token-refresh tests

The MemoryTokenCache cross-tab tests assumed JWT TTL = 60s and waited
50s of wall-clock time for the proactive refresh timer to fire. The
test instances now issue 300s tokens, so the timer is scheduled at
~283s (TTL - 15s leeway - 2s lead) and the 50s window never reaches
it — refreshRequests.length stays at 0 and the assertion fails.

Replace the wall-clock waits with `page.clock.install()` +
`clock.fastForward('5:00')` so the timer can be fired deterministically
regardless of the instance's actual TTL, and so tests no longer take
~50s of CI runtime each.

For the single-session test we sequence the fast-forwards (tab1 first,
then tab2 after the broadcast has had a chance to clear tab2's pending
timer) so we still exercise the BroadcastChannel-based dedup. For the
multi-session test we fast-forward both tabs in parallel because
different sessions have different tokenIds and don't dedupe.

Author: jacekradko

integration/tests/session-token-cache/multi-session.test.ts

@@ -247,9 +247,13 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasks] })(
      * deterministic.
      */
     test('multi-session scheduled refreshes produce one request per session', async ({ context }) => {
-      test.setTimeout(90_000);
-
       const page1 = await context.newPage();
+
+      // Install a virtual clock so the proactive-refresh timer can be
+      // fast-forwarded without depending on the instance's JWT TTL or
+      // waiting wall-clock time.
+      await page1.clock.install();
+
       await page1.goto(app.serverUrl);
       await page1.waitForFunction(() => (window as any).Clerk?.loaded);
 
@@ -265,6 +269,7 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasks] })(
       expect(user1SessionId).toBeDefined();
 
       const page2 = await context.newPage();
+      await page2.clock.install();
       await page2.goto(app.serverUrl);
       await page2.waitForFunction(() => (window as any).Clerk?.loaded);
 
@@ -306,13 +311,17 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasks] })(
         await route.continue();
       });
 
-      // Wait for proactive refresh timers to fire.
-      // Default token TTL is 60s; onRefresh fires at 60 - 15 - 2 = 43s from iat.
-      // Uses page.evaluate to avoid the global actionTimeout (10s) capping the wait.
-      await page1.evaluate(() => new Promise(resolve => setTimeout(resolve, 50_000)));
+      // Fast-forward both tabs past their refresh fire times. The two tabs
+      // hold different sessions and therefore different tokenIds, so
+      // BroadcastChannel does NOT deduplicate; each tab's timer fires its
+      // own /tokens request.
+      await Promise.all([page1.clock.fastForward('5:00'), page2.clock.fastForward('5:00')]);
+
+      // Real-time wait so both network round-trips complete.
+      // eslint-disable-next-line playwright/no-wait-for-timeout
+      await page1.waitForTimeout(1000);
 
       // Two different sessions should each produce exactly one refresh request.
-      // BroadcastChannel deduplication is per-tokenId, so different sessions refresh independently.
       expect(refreshRequests.length).toBe(2);
 
       const refreshedSessionIds = new Set(refreshRequests.map(r => r.sessionId));

integration/tests/session-token-cache/single-session.test.ts

@@ -131,18 +131,25 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withEmailCodes] })(
 
     /**
      * Test Flow:
-     * 1. Open two tabs with the same browser context (shared cookies)
+     * 1. Open two tabs with a virtual clock installed, same browser context
      * 2. Sign in on tab1, reload tab2 to pick up the session
      * 3. Both tabs hydrate their token cache with the session token
-     * 4. Start counting /tokens requests, then wait for the timers to fire
+     * 4. Start counting /tokens requests, then fast-forward virtual time
+     *    past the proactive-refresh fire time
      * 5. Assert only 1 /tokens request was made (not 2)
      */
     test('multi-tab scheduled refreshes are deduped to a single request', async ({ context }) => {
-      test.setTimeout(90_000);
-
       const page1 = await context.newPage();
       const page2 = await context.newPage();
 
+      // Install a virtual clock on each page before any Clerk code runs so
+      // we can fast-forward the proactive-refresh timer without waiting
+      // wall-clock time. Each tab's onRefresh fires at TTL - 15s leeway - 2s
+      // lead; the actual TTL depends on the instance's JWT settings, so we
+      // fast-forward generously rather than hardcoding 43s.
+      await page1.clock.install();
+      await page2.clock.install();
+
       await page1.goto(app.serverUrl);
       await page2.goto(app.serverUrl);
 
@@ -167,28 +174,36 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withEmailCodes] })(
       await u2.po.expect.toBeSignedIn();
 
       // Both tabs are now signed in and have hydrated their token caches
-      // via Session constructor -> #hydrateCache, each with an independent
-      // onRefresh timer that fires at ~43s (TTL 60s - 15s leeway - 2s lead).
+      // via Session constructor -> #hydrateCache, each with its own onRefresh
+      // timer scheduled at ~TTL - 17s.
       // Start counting /tokens requests from this point.
       const refreshRequests: string[] = [];
       await context.route('**/v1/client/sessions/*/tokens*', async route => {
         refreshRequests.push(route.request().url());
         await route.continue();
       });
 
-      // Wait for proactive refresh timers to fire.
-      // Default token TTL is 60s; onRefresh fires at 60 - 15 - 2 = 43s from iat.
-      // We wait 50s to give comfortable buffer, this includes the broadcast delay.
-      //
-      // Uses page.evaluate instead of page.waitForTimeout to avoid
-      // the global actionTimeout (10s) silently capping the wait.
-      await page1.evaluate(() => new Promise(resolve => setTimeout(resolve, 50_000)));
+      // Fast-forward tab1 past its refresh fire time. Tab1's timer fires,
+      // its /tokens request goes out (real network), and on success it
+      // broadcasts the new token to tab2.
+      await page1.clock.fastForward('5:00');
+
+      // Real-time wait: lets the network round-trip complete and the
+      // BroadcastChannel message reach tab2's handler, which clears tab2's
+      // pending refresh timer.
+      // eslint-disable-next-line playwright/no-wait-for-timeout
+      await page2.waitForTimeout(1000);
+
+      // Now fast-forward tab2 past where its timer would have fired. Because
+      // the broadcast already cleared its refresh timer, no /tokens request
+      // should fire from tab2.
+      await page2.clock.fastForward('5:00');
 
-      // Only one tab should have made a /tokens request; the other tab should have
-      // received the refreshed token via BroadcastChannel.
+      // Only tab1 should have made a /tokens request; tab2 got the refreshed
+      // token via BroadcastChannel.
       expect(refreshRequests.length).toBe(1);
 
-      // Both tabs should still have valid tokens after the refresh cycle
+      // Both tabs should still have valid, identical tokens after the refresh.
       const [page1Token, page2Token] = await Promise.all([
         page1.evaluate(() => (window as any).Clerk.session?.getToken()),
         page2.evaluate(() => (window as any).Clerk.session?.getToken()),