Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Done
-
1.9.1.Final
-
None
-
None
Description
I can see those potential issues with TokenManager class used internally by admin client:
- If more threads called concurrently keycloak.tokenManager().getAccessToken(), there is some chance that all of them will try to race for refreshing the same access token. Guess we can improve and add semaphore or locking mechanism to ensure that there is just one refresh at the same time
- The field "currentToken" should be made volatile . The field "expirationTime" could be probably removed entirely and instead the expiration time could be always computed from currentToken
