Re: [PR] OAK-10780: add azure access token refresh logic [jackrabbit-oak]

Thu, 16 May 2024 23:03:55 -0700 


t-rana commented on code in PR #1441:
URL: https://github.com/apache/jackrabbit-oak/pull/1441#discussion_r1604391435


##########
oak-segment-azure/src/main/java/org/apache/jackrabbit/oak/segment/azure/AzureUtilities.java:
##########
@@ -207,6 +230,61 @@ public void write(@NotNull byte[] bytes, int offset, int 
length) {
         }
     }
 
+    /**
+     * This class represents a token refresher responsible for ensuring the 
validity of the access token used for azure AD authentication.
+     * The access token generated by the Azure client is valid for 1 hour 
only. Therefore, this class periodically checks the validity
+     * of the access token and refreshes it if necessary. The refresh is 
triggered when the current access token is about to expire,
+     * defined by a threshold of 5 minutes from the current time. This 
threshold is similar to what is being used in azure identity to
+     * generate a new token
+     */
+    private static class TokenRefresher implements Runnable {
+
+        private final ClientSecretCredential clientSecretCredential;
+        private AccessToken accessToken;
+        private final StorageCredentialsToken storageCredentialsToken;
+
+
+        /**
+         * Constructs a new TokenRefresher object with the specified 
parameters.
+         *
+         * @param clientSecretCredential  The client secret credential used to 
obtain the access token.
+         * @param accessToken             The current access token.
+         * @param storageCredentialsToken The storage credentials token 
associated with the access token.
+         */
+        public TokenRefresher(ClientSecretCredential clientSecretCredential,
+                              AccessToken accessToken,
+                              StorageCredentialsToken storageCredentialsToken) 
{
+            this.clientSecretCredential = clientSecretCredential;
+            this.accessToken = accessToken;
+            this.storageCredentialsToken = storageCredentialsToken;
+        }
+
+        @Override
+        public void run() {
+            try {
+                log.debug("Checking for azure access token expiry at: {}", 
LocalDateTime.now());
+                OffsetDateTime tokenExpiryThreshold = 
OffsetDateTime.now().plusMinutes(5);

Review Comment:
   azure identity serves the token from cache, and will only refresh the token 
when there are 5 minutes left in token expiry. so keeping a 20 minutes 
threshold will not help as the token will be served from cache only and will 
not be refreshed. hence i have taken a threshold of 5 minutes similar to what 
is being used in azure identity.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to