From 0285e3eb08f9e78adbc211f030b590f540a51dfc Mon Sep 17 00:00:00 2001
From: Jonathan Hess <hessjc@google.com>
Date: Wed, 14 Jun 2023 11:02:20 -0600
Subject: [PATCH] fix: only refresh if the token has expired.

---
 .../com/google/cloud/sql/core/SqlAdminApiFetcher.java    | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/com/google/cloud/sql/core/SqlAdminApiFetcher.java b/core/src/main/java/com/google/cloud/sql/core/SqlAdminApiFetcher.java
index 7d5c4f3d0..9578d8081 100644
--- a/core/src/main/java/com/google/cloud/sql/core/SqlAdminApiFetcher.java
+++ b/core/src/main/java/com/google/cloud/sql/core/SqlAdminApiFetcher.java
@@ -299,10 +299,17 @@ private Certificate fetchEphemeralCertificate(
    * @throws IOException when the credentials.refresh() has failed 3 times
    */
   private void refreshWithRetry(OAuth2Credentials credentials) throws IOException {
+
+    // if the access token has not expired, do not attempt to refresh
+    AccessToken token = credentials.getAccessToken();
+    if( token == null || token.getExpirationTime().toInstant().isAfter(Instant.now()) ) {
+      return;
+    }
+
     Callable<OAuth2Credentials> refresh =
         () -> {
           try {
-            credentials.refresh();
+            credentials.refreshIfExpired();
           } catch (IllegalStateException e) {
             throw new IllegalStateException(
                 String.format(