michaeljmarshall opened a new issue, #20107: URL: https://github.com/apache/pulsar/issues/20107
### Search before asking - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Motivation The `AuthenticationOAuth2` provider only retrieves a new token when the current one has expired. https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/AuthenticationOAuth2.java#L99-L106 However, when there is an unexpected signing key rotation, which can happen for several reasons, a client will fail to authenticate until the token expires. ### Solution The client could invalidate the cached token and retrieve a new one. Note that this is happening when authentication has already failed, so the current token is already known to be invalid. ### Alternatives _No response_ ### Anything else? _No response_ ### Are you willing to submit a PR? - [ ] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
