coheigea pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new 013cf51c68d Synchronize access token refresh when refresh tokens
aren't recycled (#3133)
013cf51c68d is described below
commit 013cf51c68dfdfbc1290edeb71c9ef4aef4d4a22
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri May 22 09:43:49 2026 +0100
Synchronize access token refresh when refresh tokens aren't recycled (#3133)
---
.../rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 24b1a1e1477..8a35996a968 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -225,6 +225,16 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
@Override
public ServerAccessToken refreshAccessToken(Client client, String
refreshTokenKey,
List<String> restrictedScopes)
throws OAuthServiceException {
+ if (!recycleRefreshTokens) {
+ synchronized (refreshTokenLock) {
+ return doRefreshAccessToken(client, refreshTokenKey,
restrictedScopes);
+ }
+ }
+ return doRefreshAccessToken(client, refreshTokenKey, restrictedScopes);
+ }
+
+ private ServerAccessToken doRefreshAccessToken(Client client, String
refreshTokenKey,
+ List<String>
restrictedScopes) {
RefreshToken currentRefreshToken = recycleRefreshTokens
? revokeRefreshToken(client, refreshTokenKey) :
getRefreshToken(refreshTokenKey);
if (currentRefreshToken == null) {
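Review bot: The new `synchronized (refreshTokenLock)` in `refreshAccessToken` takes what looks like a single provider-wide monitor (its declaration is outside the hunk), so it only serialises refreshes inside one JVM, and every client's refresh queues behind every other when `recycleRefreshTokens` is false. If the token store is shared between nodes, the concurrent update of a reused refresh token that this presumably guards against can still happen, and a subclass that overrides `refreshAccessToken` bypasses the lock altogether. None of this is documented, so I would add a comment above the `if`, for example `// Reused refresh tokens are read and updated in place: serialise refreshes to avoid lost updates (JVM-local only; a shared store needs its own locking)`. `recycleRefreshTokens` is also read a second time inside `doRefreshAccessToken`; if the flag can change at runtime, read it once into a local and pass the decision down so the locked and unlocked paths cannot disagree. The body of `doRefreshAccessToken` continues past the end of the hunk.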