fix: Corrected a bug where logging in with an expired token requires immediate re-login.

patternhelloworld · patternhelloworld · commit 63a23cb634b7 · 2024-04-26T00:08:46.000+09:00
diff --git a/src/main/java/com/patternknife/securityhelper/oauth2/config/security/serivce/persistence/authorization/OAuth2AuthorizationServiceImpl.java b/src/main/java/com/patternknife/securityhelper/oauth2/config/security/serivce/persistence/authorization/OAuth2AuthorizationServiceImpl.java
@@ -174,10 +174,18 @@ public OAuth2Authorization findByToken(@NotEmpty String tokenValue, @NotEmpty OA
                 oAuth2Authorization = customOauthAccessToken.getAuthentication();
             }
         } catch (Exception e) {
+
             exceptionHandler.accept(e);
+
+            // Retry only one more time
+            customOauthAccessToken = accessTokenSupplier.get().orElse(null);
+            if (customOauthAccessToken != null) {
+                oAuth2Authorization = customOauthAccessToken.getAuthentication();
+            }
         }
         if (customOauthAccessToken != null && oAuth2Authorization != null && oAuth2Authorization.getAccessToken() != null && oAuth2Authorization.getAccessToken().isExpired()) {
             customOauthAccessTokenRepository.deleteByTokenId(customOauthAccessToken.getTokenId());
+            return null;
         }
 
         return oAuth2Authorization;
@@ -222,19 +230,26 @@ public OAuth2Authorization findByToken(@NotEmpty String tokenValue, @NotEmpty OA
                 oAuth2Authorization = customOauthRefreshToken.getAuthentication();
             }
         } catch (Exception e) {
+
             exceptionHandler.accept(e);
+
+            // Retry only one more time
+            customOauthRefreshToken = refreshTokenSupplier.get().orElse(null);
+            if (customOauthRefreshToken != null) {
+                oAuth2Authorization = customOauthRefreshToken.getAuthentication();
+            }
         }
 
         if (customOauthRefreshToken != null && oAuth2Authorization != null && oAuth2Authorization.getRefreshToken() != null && oAuth2Authorization.getRefreshToken().isExpired()) {
             customOauthRefreshTokenRepository.deleteByTokenId(customOauthRefreshToken.getTokenId());
+            return null;
         }
         return oAuth2Authorization;
     }
 
 
 
 
-
     /*
     *   4. D for Delete
     * */
