fix(manager): optimize token durationToRenewal calculation

I observed the durationToRenewal was significantly slower than before
due to changes done to cover the unnecessary precision. Using
Milliseconds as the TTL is sufficient and significantly faster.

Author: ndyakov

credentials_provider_test.go

@@ -117,7 +117,7 @@ func TestCredentialsProviderWithMockIdentityProvider(t *testing.T) {
 				"test-token",
 				time.Now().Add(time.Hour),
 				time.Now(),
-				int64(time.Hour),
+				time.Hour.Milliseconds(),
 			),
 		}
 
@@ -159,7 +159,7 @@ func TestCredentialsProviderWithMockIdentityProvider(t *testing.T) {
 				"test-token",
 				time.Now().Add(time.Hour),
 				time.Now(),
-				int64(time.Hour),
+				time.Hour.Milliseconds(),
 			),
 		}
 
@@ -219,7 +219,7 @@ func TestCredentialsProviderWithMockIdentityProvider(t *testing.T) {
 				"initial-token",
 				time.Now().Add(time.Hour),
 				time.Now(),
-				int64(time.Hour),
+				time.Hour.Milliseconds(),
 			),
 		}
 
@@ -253,7 +253,7 @@ func TestCredentialsProviderWithMockIdentityProvider(t *testing.T) {
 			"updated-token",
 			time.Now().Add(time.Hour),
 			time.Now(),
-			int64(time.Hour),
+			time.Hour.Milliseconds(),
 		)
 		tm.lock.Unlock()
 
@@ -329,7 +329,7 @@ func TestCredentialsProviderSubscribe(t *testing.T) {
 			rawTokenString,
 			time.Now().Add(tokenExpiration),
 			time.Now(),
-			int64(tokenExpiration),
+			tokenExpiration.Milliseconds(),
 		)
 
 		listener := &mockCredentialsListener{
@@ -386,7 +386,7 @@ func TestCredentialsProviderSubscribe(t *testing.T) {
 			rawTokenString,
 			time.Now().Add(tokenExpiration),
 			time.Now(),
-			int64(tokenExpiration),
+			tokenExpiration.Milliseconds(),
 		)
 		mtm := &mockTokenManager{done: make(chan struct{})}
 		// Set the token manager factory in the options
@@ -514,7 +514,7 @@ func TestCredentialsProviderSubscribe(t *testing.T) {
 			rawTokenString,
 			time.Now().Add(tokenExpiration),
 			time.Now(),
-			int64(tokenExpiration),
+			tokenExpiration.Milliseconds(),
 		)
 		// Set the token manager factory in the options
 		options := opts

entraid_test.go

@@ -48,7 +48,7 @@ func (m *fakeTokenManager) GetToken(forceRefresh bool) (*token.Token, error) {
 			rawTokenString,
 			time.Now().Add(tokenExpiration),
 			time.Now(),
-			int64(tokenExpiration.Seconds()),
+			tokenExpiration.Milliseconds(),
 		)
 	}
 	return m.token, m.err

manager/defaults.go

@@ -3,7 +3,6 @@ package manager
 import (
 	"errors"
 	"fmt"
-	"math"
 	"net"
 	"os"
 	"time"
@@ -177,6 +176,6 @@ func (*defaultIdentityProviderResponseParser) ParseResponse(response shared.Iden
 		rawToken,
 		expiresOn,
 		now,
-		int64(math.Ceil(time.Until(expiresOn).Seconds())),
+		time.Until(expiresOn).Milliseconds(),
 	), nil
 }

manager/entraid_manager.go

@@ -238,30 +238,99 @@ func (e *entraidTokenManager) stop() (err error) {
 // If the token is nil, it returns 0.
 // If the time till expiration is less than the lower bound duration, it returns 0 to renew the token now.
 func (e *entraidTokenManager) durationToRenewal(t *token.Token) time.Duration {
+	return e.durationToRenewalV5(t)
+	/*
+		if t == nil {
+			return 0
+		}
+		now := time.Now().UTC()
+
+		expirationRefreshTime := t.ReceivedAt().Add(time.Duration(float64(t.TTL()) * float64(time.Millisecond) * e.expirationRefreshRatio))
+		timeTillExpiration := time.Until(t.ExpirationOn())
+
+		// if the expirationRefreshTime is in the past, return 0 to renew the token NOW
+		if expirationRefreshTime.Before(now) {
+			return 0
+		}
+
+		// if the timeTillExpiration is less than the lower bound (or 0), return 0 to renew the token NOW
+		if timeTillExpiration <= e.lowerBoundDuration || timeTillExpiration <= 0 {
+			return 0
+		}
+
+		// Calculate the time to renew the token based on the expiration refresh ratio
+		duration := time.Until(expirationRefreshTime)
+
+		// if the duration will take us past the lower bound, return the duration to lower bound
+		if timeTillExpiration-e.lowerBoundDuration < duration {
+			return timeTillExpiration - e.lowerBoundDuration
+		}
+
+		// return the calculated duration
+		return duration
+	*/
+}
+
+// durationToRenewalV5 is an ultra-optimized version that uses minimal operations
+// and integer math for maximum performance, matching the logic of durationToRenewal.
+// It calculates the duration until the next token renewal based on:
+// 1. The token's TTL (in milliseconds) and expiration refresh ratio
+// 2. The lower bound duration for refresh
+// 3. The current time and token's expiration time
+func (e *entraidTokenManager) durationToRenewalV5(t *token.Token) time.Duration {
+	// Fast path: nil token check
 	if t == nil {
 		return 0
 	}
-	expirationRefreshTime := t.ReceivedAt().Add(time.Duration(float64(t.TTL()) * float64(time.Second) * e.expirationRefreshRatio))
-	timeTillExpiration := time.Until(t.ExpirationOn())
-	now := time.Now().UTC()
 
-	if expirationRefreshTime.Before(now) {
+	// Get current time in milliseconds (UTC)
+	nowMillis := time.Now().UTC().UnixMilli()
+
+	// Get expiration time in milliseconds
+	expMillis := t.ExpirationOn().UnixMilli()
+
+	// Fast path: token already expired
+	if expMillis <= nowMillis {
+		return 0
+	}
+
+	// Calculate time until expiration in milliseconds
+	timeTillExpiration := expMillis - nowMillis
+
+	// Get lower bound in milliseconds
+	lowerBoundMillis := e.lowerBoundDuration.Milliseconds()
+
+	// Fast path: time until expiration is less than lower bound
+	if timeTillExpiration <= lowerBoundMillis {
 		return 0
 	}
 
-	// if the timeTillExpiration is less than the lower bound (or 0), return 0 to renew the token NOW
-	if timeTillExpiration <= e.lowerBoundDuration || timeTillExpiration <= 0 {
+	// Calculate refresh time using integer math:
+	// 1. TTL is already in milliseconds
+	// 2. Multiply by refresh ratio (as integer percentage)
+	// 3. Add to received time
+	ttlMillis := t.TTL()                                     // Already in milliseconds
+	refreshRatioInt := int64(e.expirationRefreshRatio * 100) // Convert to integer percentage
+	refreshMillis := (ttlMillis * refreshRatioInt) / 100     // Integer division for ratio
+	refreshTimeMillis := t.ReceivedAt().UnixMilli() + refreshMillis
+
+	// Calculate time until refresh
+	timeUntilRefresh := refreshTimeMillis - nowMillis
+
+	// Fast path: refresh time is in the past
+	if timeUntilRefresh <= 0 {
 		return 0
 	}
 
-	// Calculate the time to renew the token based on the expiration refresh ratio
-	duration := time.Until(expirationRefreshTime)
+	// Convert to time.Duration for final calculations
+	timeUntilRefreshDur := time.Duration(timeUntilRefresh) * time.Millisecond
+	timeTillExpirationDur := time.Duration(timeTillExpiration) * time.Millisecond
 
-	// if the duration will take us past the lower bound, return the duration to lower bound
-	if timeTillExpiration-e.lowerBoundDuration < duration {
-		return timeTillExpiration - e.lowerBoundDuration
+	// If refresh would occur after lower bound, use time until lower bound
+	if timeTillExpirationDur-e.lowerBoundDuration < timeUntilRefreshDur {
+		return timeTillExpirationDur - e.lowerBoundDuration
 	}
 
-	// return the calculated duration
-	return duration
+	// Otherwise use time until refresh
+	return timeUntilRefreshDur
 }

manager/manager_test.go

@@ -61,7 +61,7 @@ var testTokenValid = token.New(
 	"test",
 	time.Now().Add(time.Hour),
 	time.Now(),
-	int64(time.Hour.Seconds()),
+	time.Hour.Milliseconds(),
 )
 
 func newTestJWTToken(expiresOn time.Time) string {