[GitHub] [iceberg] rdblue commented on a diff in pull request #6562: Core: Improvements around Token Refresh time expiration

Mon, 23 Jan 2023 09:45:01 -0800 


rdblue commented on code in PR #6562:
URL: https://github.com/apache/iceberg/pull/6562#discussion_r1084361177


##########
core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Util.java:
##########
@@ -550,31 +512,29 @@ public static AuthSession fromAccessToken(
         RESTClient client,
         ScheduledExecutorService executor,
         String token,
-        Long defaultExpiresInMillis,
+        Long defaultExpiresAtMillis,
         AuthSession parent) {
       AuthSession session =
           new AuthSession(
               parent.headers(), token, OAuth2Properties.ACCESS_TOKEN_TYPE, 
parent.credential());
 
-      long startTimeMillis = System.currentTimeMillis();
-      Long expiresAtMillis = session.expiresAtMillis();
+      Long expiresAtMillis = null;
 
-      if (isExpired(expiresAtMillis, startTimeMillis)) {
+      if (session.expiresAtMillis() != null
+          && session.expiresAtMillis() <= System.currentTimeMillis()) {
+        long startTimeMillis = System.currentTimeMillis();
         Pair<Integer, TimeUnit> expiration = session.refresh(client);
         if (expiration != null) {
-          scheduleTokenRefresh(
-              client, executor, session, startTimeMillis, expiration.first(), 
expiration.second());
+          expiresAtMillis = startTimeMillis + 
expiration.second().toMillis(expiration.first());

Review Comment:
   Now that token refresh is based around `expiresAt`, should we prefer the 
specific timestamp from the token if it exists? I think it would make sense to 
check `session.expiresAtMillis()` here and use it in place of the duration, 
since the duration requires careful handling of start time.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to