feat(core): Add check for expired refresh token

Author: lpatino10

core/src/main/java/com/ibm/watson/developer_cloud/service/security/IamTokenManager.java

@@ -45,7 +45,8 @@ public IamTokenManager(IamOptions options) {
   /**
    * This function returns an access token. The source of the token is determined by the following logic:
    * 1. If user provides their own managed access token, assume it is valid and send it
-   * 2. If this class is managing tokens and does not yet have one, make a request for one
+   * 2. If this class is managing tokens and does not yet have one, or the refresh token is expired, make a request
+   * for one
    * 3. If this class is managing tokens and the token has expired, refresh it
    * 4. If this class is managing tokens and has a valid token stored, send it
    *
@@ -57,10 +58,10 @@ public String getToken() {
     if (userManagedAccessToken != null) {
       // use user-managed access token
       token = userManagedAccessToken;
-    } else if (tokenData.getAccessToken() == null) {
-      // request first-time token
+    } else if (tokenData.getAccessToken() == null || isRefreshTokenExpired()) {
+      // request new token
       token = requestToken();
-    } else if (isTokenExpired()) {
+    } else if (isAccessTokenExpired()) {
       // refresh current token
       token = refreshToken();
     } else {
@@ -129,16 +130,16 @@ public void setAccessToken(String userManagedAccessToken) {
   }
 
   /**
-   * Check if currently stored token is expired.
+   * Check if currently stored access token is expired.
    *
    * Using a buffer to prevent the edge case of the
    * token expiring before the request could be made.
    *
    * The buffer will be a fraction of the total TTL. Using 80%.
    *
-   * @return whether the current managed token is expired or not
+   * @return whether the current managed access token is expired or not
    */
-  private boolean isTokenExpired() {
+  private boolean isAccessTokenExpired() {
     if (tokenData.getExpiresIn() == null || tokenData.getExpiration() == null) {
       return true;
     }
@@ -152,6 +153,25 @@ private boolean isTokenExpired() {
     return refreshTime < currentTime;
   }
 
+  /**
+   * Used as a fail-safe to prevent the condition of a refresh token expiring,
+   * which could happen after around 30 days. This function will return true
+   * if it has been at least 7 days and 1 hour since the last token was
+   * retrieved.
+   *
+   * @returns whether the current managed refresh token is expired or not
+   */
+  private boolean isRefreshTokenExpired() {
+    if (tokenData.getExpiration() != null) {
+      return true;
+    }
+
+    int sevenDays = 7 * 24 * 3600;
+    Double currentTime = Math.floor(System.currentTimeMillis() / 1000);
+    Long newTokenTime = tokenData.getExpiration() + sevenDays;
+    return newTokenTime < currentTime;
+  }
+
   /**
    * Executes call to IAM API and returns IamToken object representing the response.
    *

natural-language-classifier/src/main/java/com/ibm/watson/developer_cloud/natural_language_classifier/v1/NaturalLanguageClassifier.java

@@ -77,9 +77,9 @@ public NaturalLanguageClassifier(String username, String password) {
   }
 
   /**
-   * Instantiates a new `NaturalLanguageClassifier` with IAM. Note that if the access token is specified in the iamOptions,
-   * you accept responsibility for managing the access token yourself. You must set a new access token before this one
-   * expires. Failing to do so will result in authentication errors after this token expires.
+   * Instantiates a new `NaturalLanguageClassifier` with IAM. Note that if the access token is specified in the
+   * iamOptions, you accept responsibility for managing the access token yourself. You must set a new access token
+   * before this one expires. Failing to do so will result in authentication errors after this token expires.
    *
    * @param iamOptions the options for authenticating through IAM
    */