You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 31, 2022. It is now read-only.
When making a request via OAuth2RestTemplate (In our case we are using client credentials), The getAccessToken method checks if the token is expired and if so, requests a new token:
If the token is 1ms from expiration then this code will still attempt to use the token. The server will reject this token when it receives it (This is also a problem if the server/client have small difference in clocks).
It seems like the best-practice would be to refresh the token ahead of the actual expiration by some small grace period (i.e. 5 seconds).
The text was updated successfully, but these errors were encountered:
+1 for this. I also have found an edge case in our system where the token passes the isExpired check, but the receiving service rejects it for being expired. It would be great if either the token or OAuth2RestTemplate could do the expiry check with some configurable padding.
When making a request via OAuth2RestTemplate (In our case we are using client credentials), The getAccessToken method checks if the token is expired and if so, requests a new token:
If the token is 1ms from expiration then this code will still attempt to use the token. The server will reject this token when it receives it (This is also a problem if the server/client have small difference in clocks).
It seems like the best-practice would be to refresh the token ahead of the actual expiration by some small grace period (i.e. 5 seconds).
The text was updated successfully, but these errors were encountered: