Skip to content

feat: add authenticator invalidate (SHOP-231) #134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vsolovei-smartling wants to merge 1 commit into from
+95 −2
Closed

feat: add authenticator invalidate (SHOP-231) #134

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 9 additions & 2 deletions smartling-api-commons/src/main/java/com/smartling/api/v2/client/auth/Authenticator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,19 +116,26 @@ boolean isRefreshable()
return refreshExpiresAt > clock.currentTimeMillis();
}

public synchronized void invalidate()
{
this.authentication = null;
this.expiresAt = -1;
this.refreshExpiresAt = -1;
}
Comment on lines +119 to +124
Copy link

@PavelLoparev PavelLoparev Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not called by anyone, isn't?

Copy link
Contributor Author

@vsolovei-smartling vsolovei-smartling Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to use it in https://github.com/Smartling/connectors-export-service/pull/97/changes#diff-eba6a586acd2df1c46841b76ac26172168b0e36ecc51ce56c44400f336660da5R17

Copy link

@PavelLoparev PavelLoparev Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that filter is only for logging. your http client from sdk already gets 401 response isn't? why can't you handle this 401 in sdk directly?


private synchronized String getAccessTokenInternal()
{
this.authentication = api.authenticate(new AuthenticationRequest(userIdentifier, userSecret));
this.expiresAt = authentication.getExpiresIn() * 1000 + System.currentTimeMillis();
this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 100 + System.currentTimeMillis();
this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 1000 + System.currentTimeMillis();
Comment on lines -123 to +130
Copy link

@PavelLoparev PavelLoparev Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like the real fix is this one?

Copy link
Contributor Author

@vsolovei-smartling vsolovei-smartling Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is THE fix, it will reduce full re-authentication count, the only downside of having 100 vs 1000 is the frequency of full re-authentications vs refreshes.

return authentication.getAccessToken();
}

private synchronized String refreshAccessToken()
{
this.authentication = api.refresh(new AuthenticationRefreshRequest(authentication.getRefreshToken()));
this.expiresAt = authentication.getExpiresIn() * 1000 + System.currentTimeMillis();
this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 100 + System.currentTimeMillis();
this.refreshExpiresAt = authentication.getRefreshExpiresIn() * 1000 + System.currentTimeMillis();
return authentication.getAccessToken();
}
}
86 changes: 86 additions & 0 deletions smartling-api-commons/src/test/java/com/smartling/api/v2/client/auth/AuthenticatorTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,4 +141,90 @@ public void isRefreshableExpired()
when(clock.currentTimeMillis()).thenReturn(REFRESH_TOKEN_TTL * 1000 + System.currentTimeMillis());
assertFalse(authenticator.isRefreshable());
}

@Test
public void invalidateClearsToken()
{
when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis());
authenticator.getAccessToken();
assertTrue(authenticator.isValid());

authenticator.invalidate();

assertFalse(authenticator.isValid());
assertFalse(authenticator.isRefreshable());
}

@Test
public void getAccessTokenAfterInvalidateReAuthenticates()
{
when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis());
authenticator.getAccessToken();
authenticator.invalidate();
authenticator.getAccessToken();

verify(authenticationApi, times(2)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, never()).refresh(any(AuthenticationRefreshRequest.class));
}

@Test
public void getAccessTokenRefreshesAtExactExpiryBoundary()
{
Authentication shortLivedAuth = new Authentication("accessToken", "refreshToken", 480, 21600, "bearer");
Authentication refreshedAuth = new Authentication("newAccessToken", "newRefreshToken", 480, 21600, "bearer");

when(authenticationApi.authenticate(any(AuthenticationRequest.class))).thenReturn(shortLivedAuth);
when(authenticationApi.refresh(any(AuthenticationRefreshRequest.class))).thenReturn(refreshedAuth);

authenticator.getAccessToken();

when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis() + 480_000L);

String token = authenticator.getAccessToken();

assertEquals(refreshedAuth.getAccessToken(), token);
verify(authenticationApi, times(1)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, times(1)).refresh(any(AuthenticationRefreshRequest.class));
}

@Test
public void getAccessTokenRefreshesJustBeforeRefreshTokenExpiry()
{
Authentication shortLivedAuth = new Authentication("accessToken", "refreshToken", 480, 21600, "bearer");
Authentication refreshedAuth = new Authentication("newAccessToken", "newRefreshToken", 480, 21600, "bearer");

when(authenticationApi.authenticate(any(AuthenticationRequest.class))).thenReturn(shortLivedAuth);
when(authenticationApi.refresh(any(AuthenticationRefreshRequest.class))).thenReturn(refreshedAuth);

authenticator.getAccessToken();

// Access token expired, refresh token still valid
when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis() + 21_510_000L);

String token = authenticator.getAccessToken();

assertEquals(refreshedAuth.getAccessToken(), token);
verify(authenticationApi, times(1)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, times(1)).refresh(any(AuthenticationRefreshRequest.class));
}

@Test
public void getAccessTokenRefreshesWhenAccessTokenExpiredButRefreshTokenValid()
{
Authentication shortLivedAuth = new Authentication("accessToken", "refreshToken", 480, 21600, "bearer");
Authentication refreshedAuth = new Authentication("newAccessToken", "newRefreshToken", 480, 21600, "bearer");

when(authenticationApi.authenticate(any(AuthenticationRequest.class))).thenReturn(shortLivedAuth);
when(authenticationApi.refresh(any(AuthenticationRefreshRequest.class))).thenReturn(refreshedAuth);

authenticator.getAccessToken();

when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis() + 600_000L);

String token = authenticator.getAccessToken();

assertEquals(refreshedAuth.getAccessToken(), token);
verify(authenticationApi, times(1)).authenticate(any(AuthenticationRequest.class));
verify(authenticationApi, times(1)).refresh(any(AuthenticationRefreshRequest.class));
}
}