From 81d28042842e6b1ed808c405070f0f074fceb117 Mon Sep 17 00:00:00 2001
From: chiaco
Date: Wed, 19 Nov 2025 14:36:19 -0800
Subject: [PATCH] Fixed a credential refresh edge case

The current code treats "no cached credentials" and "credentials about to expire" as the same condition. The problem is that it tries to refresh the soon-to-expire credentials, and blindly overrides the current value. This is a problem because the refresh can (and has failed on us), while the existing credentials would still otherwise have been valid. It overwrites the existing "good" credentials with a null value, when it didn't need to. This pull request changes it so it only replaces the existing credentials only if the new credentials are actually valid.
---
 .../common/auth/STSAssumeRoleSessionCredentialsProvider.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/aliyun/oss/common/auth/STSAssumeRoleSessionCredentialsProvider.java b/src/main/java/com/aliyun/oss/common/auth/STSAssumeRoleSessionCredentialsProvider.java
index f3b2dd37..348d59b2 100644
--- a/src/main/java/com/aliyun/oss/common/auth/STSAssumeRoleSessionCredentialsProvider.java
+++ b/src/main/java/com/aliyun/oss/common/auth/STSAssumeRoleSessionCredentialsProvider.java
@@ -84,7 +84,10 @@ public Credentials getCredentials() {
 if (credentials == null || credentials.willSoonExpire()) {
 synchronized (this) {
 if (credentials == null || credentials.willSoonExpire()) {
- credentials = getNewSessionCredentials();
+ BasicCredentials newCredentials = getNewSessionCredentials();
+ if(newCredentials != null) {
+ credentials = newCredentials;
+ }
 }
 }
 }
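Review bot: When the refresh returns null, the added `if(newCredentials != null)` branch keeps the cached credentials without leaving any trace, so a persistently failing refresh stays invisible until the old token lapses; as far as the visible condition shows, every call to getCredentials() in that window also re-enters the synchronized block and retries `getNewSessionCredentials()`. The branch does not tell "about to expire" apart from "already expired", so once the old token has lapsed the provider appears to keep handing it out, and whether callers then get a clear error depends on code outside this hunk. I would record the failed refresh in an else branch and add a comment such as `// refresh failed: keep the cached credentials, which may still be valid until they expire`, and write the condition as `if (newCredentials != null) {` to match the spacing of the surrounding `if (` lines. getCredentials() begins and ends outside the hunk, so the declaration of `credentials` and the return path were not reviewed.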