(gravitino) branch main updated: [#8087] improvement(Oauth2): OAuth2 token provider to automatically fetch a new token (#8116)

[jshao]

This is an automated email from the ASF dual-hosted git repository.

jshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git


The following commit(s) were added to refs/heads/main by this push:
     new 873757f1eb [#8087] improvement(Oauth2): OAuth2 token provider to 
automatically fetch a new token (#8116)
873757f1eb is described below

commit 873757f1ebb45ce3ab8afb51fe2fb702282c6e61
Author: Sambhavi Pandey <48976443+pandeysam...@users.noreply.github.com>
AuthorDate: Tue Aug 19 09:38:52 2025 +0530

    [#8087] improvement(Oauth2): OAuth2 token provider to automatically fetch a 
new token (#8116)
    
    ### What changes were proposed in this pull request?
    Oauth2 provider automatically fetches a new token when the old one is
    expired
    
    
    ### Why are the changes needed?
    Improve the Oauth2 token provider to fetch auth token automatically
    
    Fix: #8087
    
    ### Does this PR introduce _any_ user-facing change?
    
    ### How was this patch tested?
    Unit testing
---
 .../client/DefaultOAuth2TokenProvider.java         | 14 +++------
 .../gravitino/client/TestOAuth2TokenProvider.java  | 35 ++++++++++++++++++++--
 2 files changed, 37 insertions(+), 12 deletions(-)

diff --git 
a/clients/client-java/src/main/java/org/apache/gravitino/client/DefaultOAuth2TokenProvider.java
 
b/clients/client-java/src/main/java/org/apache/gravitino/client/DefaultOAuth2TokenProvider.java
index 59e901eee7..7d2e5fb870 100644
--- 
a/clients/client-java/src/main/java/org/apache/gravitino/client/DefaultOAuth2TokenProvider.java
+++ 
b/clients/client-java/src/main/java/org/apache/gravitino/client/DefaultOAuth2TokenProvider.java
@@ -36,17 +36,11 @@ public class DefaultOAuth2TokenProvider extends 
OAuth2TokenProvider {
   protected String getAccessToken() {
     synchronized (this) {
       Long expires = OAuth2ClientUtil.expiresAtMillis(token);
-      if (expires == null) {
-        return null;
+      if (expires == null || expires <= System.currentTimeMillis()) {
+        token =
+            OAuth2ClientUtil.fetchToken(client, Collections.emptyMap(), 
credential, scope, path)
+                .getAccessToken();
       }
-
-      if (expires > System.currentTimeMillis()) {
-        return token;
-      }
-
-      token =
-          OAuth2ClientUtil.fetchToken(client, Collections.emptyMap(), 
credential, scope, path)
-              .getAccessToken();
       return token;
     }
   }
diff --git 
a/clients/client-java/src/test/java/org/apache/gravitino/client/TestOAuth2TokenProvider.java
 
b/clients/client-java/src/test/java/org/apache/gravitino/client/TestOAuth2TokenProvider.java
index 426078c62b..2c91f17e38 100644
--- 
a/clients/client-java/src/test/java/org/apache/gravitino/client/TestOAuth2TokenProvider.java
+++ 
b/clients/client-java/src/test/java/org/apache/gravitino/client/TestOAuth2TokenProvider.java
@@ -118,10 +118,10 @@ public class TestOAuth2TokenProvider {
     response = new OAuth2TokenResponse("1", "2", "bearer", 1, "test", null);
     respJson = objectMapper.writeValueAsString(response);
     mockResponse = mockResponse.withBody(respJson);
-    mockServer.when(any(), Times.exactly(1)).respond(mockResponse);
+    mockServer.when(any(), Times.exactly(2)).respond(mockResponse);
     OAuth2TokenProvider provider = builder.build();
     Assertions.assertTrue(provider.hasTokenData());
-    Assertions.assertNull(provider.getTokenData());
+    Assertions.assertNotNull(provider.getTokenData());
     KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);
     String oldAccessToken =
         Jwts.builder()
@@ -153,4 +153,35 @@ public class TestOAuth2TokenProvider {
         AuthConstants.AUTHORIZATION_BEARER_HEADER + accessToken,
         new String(provider.getTokenData(), StandardCharsets.UTF_8));
   }
+
+  @Test
+  public void testTokenNotFetchedWhenValid() throws Exception {
+    OAuth2TokenProvider.Builder builder =
+        DefaultOAuth2TokenProvider.builder()
+            .withUri(String.format("http://127.0.0.1:%d";, PORT))
+            .withCredential("yy:xx")
+            .withPath("oauth/token")
+            .withScope("test");
+    HttpResponse mockResponse = 
HttpResponse.response().withStatusCode(HttpStatus.SC_OK);
+    ObjectMapper objectMapper = ObjectMapperProvider.objectMapper();
+    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);
+    String accessToken =
+        Jwts.builder()
+            .setSubject("gravitino")
+            .setExpiration(new Date(System.currentTimeMillis() + 10000))
+            .setAudience("service1")
+            .signWith(keyPair.getPrivate(), SignatureAlgorithm.RS256)
+            .compact();
+
+    OAuth2TokenResponse response =
+        new OAuth2TokenResponse(accessToken, "2", "bearer", 1, "test", null);
+    String respJson = objectMapper.writeValueAsString(response);
+    mockResponse = mockResponse.withBody(respJson);
+    mockServer.when(any(), Times.exactly(1)).respond(mockResponse);
+    OAuth2TokenProvider provider = builder.build();
+    String token = provider.getAccessToken();
+    Assertions.assertEquals(accessToken, token);
+    String oldToken = provider.getAccessToken();
+    Assertions.assertEquals(accessToken, oldToken);
+  }
 }