better oauth token expiration handling

2023-06-12 17:16:03 -04:00 · 2023-06-12 17:16:03 -04:00 · f84279a148
commit f84279a148
parent 44e82b3a6b
1 changed files with 29 additions and 3 deletions
--- a/src/main/java/com/inteligr8/rs/OAuthAuthorizationFilter.java
+++ b/src/main/java/com/inteligr8/rs/OAuthAuthorizationFilter.java
@ -48,6 +48,7 @@ public abstract class OAuthAuthorizationFilter implements AuthorizationFilter {
 	private String accessToken;
 	private long expiration;
 	private String refreshToken;
+	private Long refreshTokenExpiration;
 	
 	/**
 	 * This constructor creates an OAuth-based authorization filter using the
@ -99,8 +100,29 @@ public abstract class OAuthAuthorizationFilter implements AuthorizationFilter {
 	 */
 	@Override
 	public void filter(ClientRequestContext requestContext) {
-		if (this.accessToken == null || System.currentTimeMillis() > this.expiration)
-			this.requestToken();
+		if (this.accessToken == null) {
+		    this.requestToken();
+		} else if (System.currentTimeMillis() >= this.expiration) {
+            this.logger.trace("Access token expired; retrieving new one with refresh token");
+            
+		    if (this.refreshTokenExpiration != null && System.currentTimeMillis() >= this.refreshTokenExpiration.longValue()) {
+                this.logger.debug("Refresh token expired; performing full authentication");
+                this.refreshToken = null;
+                this.requestToken();
+		    } else {
+    		    try {
+    		        this.requestToken();
+                } catch (WebApplicationException wae) {
+                    if (wae.getResponse().getStatusInfo().getFamily() == Family.CLIENT_ERROR) {
+                        this.logger.debug("Received OAuth response {} using refresh token; performing full authentication", wae.getResponse().getStatus());
+                        this.refreshToken = null;
+                        this.requestToken();
+                    } else {
+                        throw wae;
+                    }
+                }
+		    }
+		}
 		
 		requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, "Bearer " + this.accessToken);
 	}
@ -139,6 +161,8 @@ public abstract class OAuthAuthorizationFilter implements AuthorizationFilter {
                .register(new JacksonJaxbJsonProvider())
                .build();
 		WebTarget target = client.target(this.tokenUrl);
+		
+		long requestSendTime = System.currentTimeMillis();

 		Response response = target.request().post(entity);
 		
@ -160,8 +184,10 @@ public abstract class OAuthAuthorizationFilter implements AuthorizationFilter {
 		}
 		
 		this.accessToken = (String)responseMap.get("access_token");
-		this.expiration = System.currentTimeMillis() + ((Number)responseMap.get("expires_in")).longValue() * 1000L;
+		this.expiration = requestSendTime + ((Number)responseMap.get("expires_in")).longValue() * 1000L;
 		this.refreshToken = (String)responseMap.get("refresh_token");
+		if (responseMap.containsKey("refresh_token_expires_in"))
+		    this.refreshTokenExpiration = requestSendTime + ((Number)responseMap.get("refresh_token_expires_in")).longValue() * 1000L;
 	}
 	
 	protected Form createRefreshForm() {