add rate limit to external browser OAuth requests
Categories
(Thunderbird :: Account Manager, enhancement, P2)
Tracking
(Not tracked)
People
(Reporter: jtracey, Unassigned)
References
(Blocks 2 open bugs)
Details
When observing bug 2025579, it was a lot noisier with the new external browser flow than the old internal browser flow. In the old flow, there's effectively a lock preventing a new OAuth authentication request until the last one has been closed. We can't do that with the external browser, because we can't see if/when the last request has been aborted, only when it succeeds. This manifested in that bug as Thunderbird opening as many browser tabs as it could before Microsoft failed the auth flow entirely. While we obviously want to avoid bugs that would cause that at all in the future, we should make sure there's a rate limit on these requests so that such a bug doesn't overwhelm the user's browser with new tabs. Something like a few seconds seems like a good middle ground for enabling the user to close Thunderbird before the browser is overwhelmed, while still being largely invisible to a user who aborts and re-launches a new login attempt.
Updated•2 days ago
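The rate limit requested above, sketched as an added example; this is not code from the bug report or from Thunderbird. The class and function names are hypothetical, and the 3000 ms interval is an assumed value for "a few seconds".

```javascript
// Added example (hypothetical names; not Thunderbird code).
// Minimum-interval gate for opening external-browser OAuth tabs. It relies
// only on the time of the last launch, because an aborted request in the
// external browser cannot be observed by the client.
class ExternalAuthLaunchGate {
  // minIntervalMs: assumed value for "a few seconds"; now: injectable clock.
  constructor(minIntervalMs = 3000, now = () => Date.now()) {
    this.minIntervalMs = minIntervalMs;
    this.now = now;
    this.lastLaunch = -Infinity; // no launch yet, so the first one is allowed
    this.suppressed = 0; // requests refused since the last allowed launch
  }

  // Returns { allowed, retryAfterMs }. Only an allowed call may open a tab;
  // a refused caller can schedule one retry after retryAfterMs.
  tryLaunch() {
    const t = this.now();
    const elapsed = t - this.lastLaunch;
    if (elapsed >= this.minIntervalMs) {
      this.lastLaunch = t;
      this.suppressed = 0;
      return { allowed: true, retryAfterMs: 0 };
    }
    this.suppressed++;
    return { allowed: false, retryAfterMs: this.minIntervalMs - elapsed };
  }
}

// Constructed scenario: a buggy retry loop asks for a new tab every 10 ms
// for 10 s of simulated time. Returns how many tabs would actually open.
function simulateRetryStorm(minIntervalMs = 3000) {
  let clock = 0;
  const gate = new ExternalAuthLaunchGate(minIntervalMs, () => clock);
  let opened = 0;
  for (clock = 0; clock < 10000; clock += 10) {
    if (gate.tryLaunch().allowed) opened++; // stand-in for opening the URL
  }
  return { opened, suppressedAtEnd: gate.suppressed };
}

console.log(simulateRetryStorm()); // tabs opened vs. requests refused
```

A user who aborts and starts a new login waits at most the remaining part of the interval, while a runaway loop is held to one tab per interval.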