Seems like AuthzModule does not refresh the authorization token when a server returns HTTP status code 401.
As far as I understand, OAuth2AuthzModule is responsible for token invalidation when the timing is right, especially the OAuth2AuthzModule#handleError method. After debugging, I found out that the isAuthorized check in this method returns false in situations like the one described and, as the Java language works, refreshAccess is not executed at all. After debugging further, I noticed that the account.tokenIsNotExpired check in the method isAuthorized returns false. The situation is a bit confusing and looks like a deadlock-type situation.
I assume that a possible solution is to replace this line of the OAuth2AuthzModule#handleError method
return isAuthorized() && refreshAccess();
with this one
return refreshAccess() && isAuthorized();
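The behaviour described in the post above, as an added example that is not part of the original post and is not the project's source: a simplified model in which `&&` short-circuits and the refresh is skipped once the token has expired. `ModelModule`, its fields, the sample token strings and the always-successful refresh are assumptions; only the names handleError, isAuthorized, refreshAccess and tokenIsNotExpired come from the post.

```java
// Added illustration: a simplified stand-in, NOT the real OAuth2AuthzModule source.
public class HandleErrorOrderDemo {
    // Hypothetical model of the module state discussed in the post.
    static class ModelModule {
        String accessToken = "old-token";   // constructed sample value
        long expiresAt;                      // expiry as epoch milliseconds
        int refreshCalls = 0;                // counts refresh attempts

        ModelModule(long expiresAt) { this.expiresAt = expiresAt; }

        boolean tokenIsNotExpired() { return System.currentTimeMillis() < expiresAt; }

        boolean isAuthorized() { return accessToken != null && tokenIsNotExpired(); }

        // Stand-in for the refresh-token exchange; assumed to always succeed here.
        boolean refreshAccess() {
            refreshCalls++;
            accessToken = "new-token";
            expiresAt = System.currentTimeMillis() + 3_600_000L;
            return true;
        }

        // Order quoted in the post: && short-circuits, so refreshAccess() is
        // never evaluated when isAuthorized() is already false.
        boolean handleErrorCurrent() { return isAuthorized() && refreshAccess(); }

        // Order proposed in the post: refresh first, then re-check the new state.
        boolean handleErrorProposed() { return refreshAccess() && isAuthorized(); }
    }

    public static void main(String[] args) {
        long past = System.currentTimeMillis() - 1_000L;  // token already expired

        ModelModule current = new ModelModule(past);
        boolean retryCurrent = current.handleErrorCurrent();
        System.out.println("current:  retry=" + retryCurrent
                + " refreshCalls=" + current.refreshCalls);

        ModelModule proposed = new ModelModule(past);
        boolean retryProposed = proposed.handleErrorProposed();
        System.out.println("proposed: retry=" + retryProposed
                + " refreshCalls=" + proposed.refreshCalls);

        // Self-check of the two outcomes for an expired token.
        if (retryCurrent || current.refreshCalls != 0) throw new AssertionError("refresh ran");
        if (!retryProposed || proposed.refreshCalls != 1) throw new AssertionError("no refresh");
    }
}
```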