feat(java): add forced access token refresh and expiry buffer

Author: dgawande12

src/main/java/com/factset/sdk/utils/authentication/ConfidentialClient.java

@@ -180,6 +180,24 @@ protected ConfidentialClient(final Configuration config, final TokenRequestBuild
         this.tokenRequestBuilder = tokReqBuilder.uri(this.providerMetadata.getTokenEndpointURI());
     }
 
+    /**
+     * Returns an access token that can be used for authentication. If the cache contains a valid access token,
+     * it's returned. Otherwise, a new access token is retrieved from FactSet's authorization server.
+     * If forceRefresh is true, always fetches a new token regardless of cache.
+     *
+     * @param forceRefresh If true, forces fetching a new token from the server.
+     * @return The access token in string format.
+     * @throws AccessTokenException If it can't make a successful request or parse the TokenRequest.
+     * @throws SigningJwsException  If the signing of the JWS fails.
+     */
+    public String getAccessToken(boolean forceRefresh) throws AccessTokenException, SigningJwsException {
+        if (!forceRefresh && this.isCachedTokenValid()) {
+            LOGGER.info("Retrieved access token which expires in: {} seconds", TimeUnit.MILLISECONDS.toSeconds(this.accessTokenExpireTime - System.currentTimeMillis()));
+            return this.accessToken.toString();
+        }
+        return this.fetchAccessToken();
+    }
+
     /**
      * Returns an access token that can be used for authentication. If the cache contains a valid access token,
      * it's returned. Otherwise, a new access token is retrieved from FactSet's authorization server. The access
@@ -265,8 +283,8 @@ private String fetchAccessToken() throws AccessTokenException, SigningJwsExcepti
         if (tokenRes.indicatesSuccess()) {
             this.accessToken = tokenRes.toSuccessResponse().getTokens().getAccessToken();
             this.accessTokenExpireTime =
-                this.jwsIssuedAt + TimeUnit.SECONDS.toMillis(this.accessToken.getLifetime());
-            LOGGER.info("Fetched access token which expires in: {} seconds", this.accessToken.getLifetime());
+                this.jwsIssuedAt + TimeUnit.SECONDS.toMillis(this.accessToken.getLifetime()) - Constants.ACCESS_TOKEN_EXPIRY_OFFSET_MILLIS;
+            LOGGER.info("Fetched access token which expires in: {} seconds (buffered)", this.accessToken.getLifetime());
             return this.accessToken.toString();
         }
 

src/main/java/com/factset/sdk/utils/authentication/Constants.java

@@ -13,6 +13,9 @@ public final class Constants {
     // default values
     public static final String FACTSET_WELL_KNOWN_URI = "https://auth.factset.com/.well-known/openid-configuration";
 
+    // Buffer (in milliseconds) to refresh access token before actual expiry
+    public static final long ACCESS_TOKEN_EXPIRY_OFFSET_MILLIS = 30000; // 30 seconds
+
     private Constants() {
         throw new IllegalStateException("Utility class");
     }

src/test/java/com/factset/sdk/utils/authentication/ConfidentialClientTest.java

@@ -7,6 +7,7 @@
 import com.nimbusds.oauth2.sdk.http.HTTPResponse;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import org.mockito.stubbing.OngoingStubbing;
 
 import javax.net.ssl.HttpsURLConnection;
 import java.io.File;
@@ -253,24 +254,10 @@ void getAccessTokenCallingWithErroneousResponseRaisesAccessTokenException() thro
 
     @Test
     void getAccessTokenCalledForTheFirstTimeReturnsANewAccessToken() throws Exception {
-        HttpURLConnection mockedConn = mock(HttpURLConnection.class);
-        URL mockedURL = getUrlMockResponse("exampleResponseWellKnownUri.txt", mockedConn);
-        Configuration configurationMock = ConfidentialClientTest.getConfigSpyMockedResponse(
-                mockedURL, "validConfig.txt"
-        );
-
-        HTTPRequest mockedRequest = mock(HTTPRequest.class);
-        TokenRequestBuilder tokenRequestBuilderSpy = ConfidentialClientTest.createTokenRequestBuilderSpy(
-                HTTPResponse.SC_OK,
-                "{\"access_token\":\"test token\",\"token_type\":\"Bearer\",\"expires_in\":899}",
-                true,
-                mockedRequest
-        );
-
-        ConfidentialClient confidentialClientSpy = spy(new ConfidentialClient(configurationMock, tokenRequestBuilderSpy));
-        String accessToken = confidentialClientSpy.getAccessToken();
-
+        TestHarness harness = createClientWithTokens(899, "test token");
+        String accessToken = harness.client.getAccessToken();
         assertEquals("test token", accessToken);
+        verify(harness.httpRequestMock, times(1)).send();
     }
 
     @Test
@@ -301,100 +288,93 @@ void getAccessTokenCalledWithRequestOptionsSetsProxyAndSSLSettings() throws Exce
 
     @Test
     void getAccessTokenCalledTwiceBeforeExpirationReturnsSameAccessToken() throws Exception {
-        HttpURLConnection mockedConn = mock(HttpURLConnection.class);
-        URL mockedURL = getUrlMockResponse("exampleResponseWellKnownUri.txt", mockedConn);
-        Configuration configurationMock = ConfidentialClientTest.getConfigSpyMockedResponse(
-                mockedURL, "validConfig.txt"
-        );
-
-        HTTPResponse res = new HTTPResponse(HTTPResponse.SC_OK);
-        res.setContent("{\"access_token\":\"test token\",\"token_type\":\"Bearer\",\"expires_in\":899}");
-        res.setHeader("Content-Type", "application/json;charset=utf-8");
-
-        AuthorizationGrant grant = new UnitTestGrant();
-        URI uriSpy = spy(new URI("https://test.test.com/.test-test/test-test"));
-        TokenRequest tokenRequestMock = spy(new TokenRequest(uriSpy, grant, new Scope()));
-
-        TokenRequestBuilder tokenRequestBuilderSpy = spy(new TokenRequestBuilder());
+        TestHarness harness = createClientWithTokens(899, "test token");
+        String accessToken1 = harness.client.getAccessToken();
+        String accessToken2 = harness.client.getAccessToken();
+        assertEquals("test token", accessToken1);
+        assertEquals("test token", accessToken2);
+        verify(harness.httpRequestMock, times(1)).send();
+    }
 
-        HTTPRequest httpRequestMock = mock(HTTPRequest.class);
+    @Test
+    void getAccessTokenCallingBeforeAndAfterExpirationReturnsDifferentAccessToken() throws Exception {
+        TestHarness harness = createClientWithTokens(0, "test token 1", "test token 2");
+        String accessToken1 = harness.client.getAccessToken();
+        String accessToken2 = harness.client.getAccessToken();
+        assertEquals("test token 1", accessToken1);
+        assertEquals("test token 2", accessToken2);
+        verify(harness.httpRequestMock, times(2)).send();
+    }
 
-        doReturn(tokenRequestMock).when(tokenRequestBuilderSpy).build();
-        doReturn(httpRequestMock).when(tokenRequestMock).toHTTPRequest();
-        doReturn(res).when(httpRequestMock).send();
+    @Test
+    void getAccessTokenWithForceRefreshTrueAlwaysFetchesNewToken() throws Exception {
+        TestHarness harness = createClientWithTokens(899, "token1", "token2");
+        String tokenA = harness.client.getAccessToken(true);
+        String tokenB = harness.client.getAccessToken(true);
+        assertEquals("token1", tokenA);
+        assertEquals("token2", tokenB);
+        verify(harness.httpRequestMock, times(2)).send();
+    }
 
-        ConfidentialClient confidentialClientSpy = spy(new ConfidentialClient(configurationMock, tokenRequestBuilderSpy));
+    @Test
+    void getAccessTokenWithForceRefreshFalseReturnsCachedTokenIfValid() throws Exception {
+        TestHarness harness = createClientWithTokens(899, "tokenX");
+        String token1 = harness.client.getAccessToken(false);
+        String token2 = harness.client.getAccessToken(false);
+        assertEquals("tokenX", token1);
+        assertEquals("tokenX", token2);
+        verify(harness.httpRequestMock, times(1)).send();
+    }
 
-        String accessToken1 = confidentialClientSpy.getAccessToken();
-        String accessToken2 = confidentialClientSpy.getAccessToken();
+    @Test
+    void getAccessTokenForceRefreshThenCachedReturnsCorrectTokens() throws Exception {
+        TestHarness harness = createClientWithTokens(899, "tokenA", "tokenB");
+        String tokenA = harness.client.getAccessToken(true); // force fetch first (tokenA)
+        String tokenB = harness.client.getAccessToken(false); // should use cached tokenA, not fetch tokenB
+        assertEquals("tokenA", tokenA);
+        assertEquals("tokenA", tokenB);
+        verify(harness.httpRequestMock, times(1)).send();
+    }
 
-        assertEquals("test token", accessToken1);
-        assertEquals("test token", accessToken2);
-        verify(httpRequestMock).send();
+    private static class TestHarness {
+        final ConfidentialClient client;
+        final HTTPRequest httpRequestMock;
+        TestHarness(ConfidentialClient client, HTTPRequest httpRequestMock) {
+            this.client = client;
+            this.httpRequestMock = httpRequestMock;
+        }
     }
 
-    @Test
-    void getAccessTokenCallingBeforeAndAfterExpirationReturnsDifferentAccessToken() throws Exception {
+    private static TestHarness createClientWithTokens(int expiresInSeconds, String... tokens) throws Exception {
         HttpURLConnection mockedConn = mock(HttpURLConnection.class);
         URL mockedURL = getUrlMockResponse("exampleResponseWellKnownUri.txt", mockedConn);
-        Configuration configurationMock = ConfidentialClientTest.getConfigSpyMockedResponse(
-                mockedURL, "validConfig.txt"
-        );
-
-        HTTPResponse res1 = new HTTPResponse(HTTPResponse.SC_OK);
-        res1.setContent("{\"access_token\":\"test token 1\",\"token_type\":\"Bearer\",\"expires_in\":0}");
-        res1.setHeader("Content-Type", "application/json;charset=utf-8");
-
-        HTTPResponse res2 = new HTTPResponse(HTTPResponse.SC_OK);
-        res2.setContent("{\"access_token\":\"test token 2\",\"token_type\":\"Bearer\",\"expires_in\":0}");
-        res2.setHeader("Content-Type", "application/json;charset=utf-8");
+        Configuration configurationMock = getConfigSpyMockedResponse(mockedURL, "validConfig.txt");
 
         AuthorizationGrant grant = new UnitTestGrant();
         URI uriSpy = spy(new URI("https://test.test.com/.test-test/test-test"));
         TokenRequest tokenRequestMock = spy(new TokenRequest(uriSpy, grant, new Scope()));
-
         TokenRequestBuilder tokenRequestBuilderSpy = spy(new TokenRequestBuilder());
-
         HTTPRequest httpRequestMock = mock(HTTPRequest.class);
 
+        OngoingStubbing<HTTPResponse> stubbing = null;
+        for (String token : tokens) {
+            HTTPResponse res = new HTTPResponse(HTTPResponse.SC_OK);
+            String body = String.format("{\"access_token\":\"%s\",\"token_type\":\"Bearer\",\"expires_in\":%d}", token, expiresInSeconds);
+            res.setContent(body);
+            res.setHeader("Content-Type", "application/json;charset=utf-8");
+            if (stubbing == null) {
+                stubbing = when(httpRequestMock.send());
+                stubbing = stubbing.thenReturn(res);
+            } else {
+                stubbing = stubbing.thenReturn(res);
+            }
+        }
+
         doReturn(tokenRequestMock).when(tokenRequestBuilderSpy).build();
         doReturn(httpRequestMock).when(tokenRequestMock).toHTTPRequest();
-        doReturn(res1).doReturn(res2).when(httpRequestMock).send();
 
         ConfidentialClient confidentialClientSpy = spy(new ConfidentialClient(configurationMock, tokenRequestBuilderSpy));
-
-        String accessToken1 = confidentialClientSpy.getAccessToken();
-        String accessToken2 = confidentialClientSpy.getAccessToken();
-
-        assertEquals("test token 1", accessToken1);
-        assertEquals("test token 2", accessToken2);
-        verify(httpRequestMock, times(2)).send();
-    }
-
-    @Test
-    void getAccessTokenCallingWithSendErrorRaisesAccessTokenException() throws Exception {
-        try {
-            HttpURLConnection mockedConn = mock(HttpURLConnection.class);
-            URL mockedURL = getUrlMockResponse("exampleResponseWellKnownUri.txt", mockedConn);
-            Configuration configurationMock = ConfidentialClientTest.getConfigSpyMockedResponse(
-                    mockedURL, "validConfig.txt"
-            );
-
-            HTTPRequest mockedRequest = mock(HTTPRequest.class);
-            TokenRequestBuilder tokenRequestBuilderSpy = ConfidentialClientTest.createTokenRequestBuilderSpy(
-                    HTTPResponse.SC_OK,
-                    "{\"error_description\":\"Invalid request.\",\"error\":\"invalid_request\"}",
-                    false,
-                    mockedRequest
-            );
-
-            ConfidentialClient confidentialClientSpy = spy(new ConfidentialClient(configurationMock, tokenRequestBuilderSpy));
-
-            confidentialClientSpy.getAccessToken();
-            fail();
-        } catch (AccessTokenException e) {
-            assertEquals("Error attempting to get the access token", e.getMessage());
-        }
+        return new TestHarness(confidentialClientSpy, httpRequestMock);
     }
 
     private static URL getUrlMockResponse(String stringFile, HttpURLConnection mockedConn) throws IOException {