Package com.oracle.bmc.auth.internal

Class AbstractAsyncFederationClient

  • All Implemented Interfaces:
    AsyncFederationClient, ProvidesConfigurableRefreshAsync
    Direct Known Subclasses:
    WorkloadIdentityFederationClient
    public abstract class AbstractAsyncFederationClient
extends Object
implements AsyncFederationClient, ProvidesConfigurableRefreshAsync
    Abstract base class for asynchronous federation clients that handle security token retrieval and refresh logic.

    This class manages the lifecycle of security tokens, including refreshing tokens when they are about to expire, and optionally refreshing session keys. It ensures that only one token refresh operation is in progress at any time, and provides mechanisms to reuse pending refresh operations. The class is thread-safe and uses a lock to synchronize access to the refresh logic.

    Async Implementation Note
    This implementation provides true asynchronous behavior through CompletableFuture-based APIs. The underlying HTTP operations are handled by the OCI SDK's HttpClient abstraction, which ensures consistent non-blocking semantics regardless of the specific HTTP client implementation in use. This design enables:

    • Non-blocking token retrieval and refresh operations
    • Proper CompletableFuture composition and chaining
    • Concurrent token operations without thread blocking
    • Consistent async behavior across different HTTP client implementations

    Features like buildAsync() in authentication providers rely on this async foundation to provide token pre-fetching and fail-fast authentication initialization.

    Subclasses must implement getSecurityTokenFromServer() to define how security tokens are fetched from the server.

    See Also:
    AsyncFederationClient, ProvidesConfigurableRefreshAsync

    • Field Detail

      • federationClient

        protected final com.oracle.bmc.http.client.HttpClient federationClient

    • Method Detail

      • refreshAndGetSecurityTokenIfExpiringWithin

        public CompletableFuture<String> refreshAndGetSecurityTokenIfExpiringWithin​(Duration time,
                                                                            boolean refreshKeys)
        Description copied from interface: ProvidesConfigurableRefreshAsync
        Gets a security token from the federation endpoint if the security token expires within the provided duration and allows to enable/disable refresh of keys.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefreshAsync
        Parameters:
        time - the duration to check
        refreshKeys - boolean value to enable/disable refresh of keys
        Returns:
        A CompletableFuture that completes with a security token that can be used to authenticate requests.

      • refreshAndGetSecurityTokenInnerAsync

        protected CompletableFuture<String> refreshAndGetSecurityTokenInnerAsync​(boolean doFinalTokenValidityCheck,
                                                                         Duration time,
                                                                         boolean refreshKeys)

      • onTokenRefreshCompleted

        protected abstract void onTokenRefreshCompleted​(Duration tokenValidDuration)
        Hook method called after a successful token refresh.

        Subclasses can override this to perform additional actions like scheduling proactive refreshes.

      • refreshAndGetSecurityToken

        public CompletableFuture<String> refreshAndGetSecurityToken()
        Description copied from interface: AsyncFederationClient
        Gets a security token from the federation endpoint.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityToken in interface AsyncFederationClient
        Returns:
        A CompletableFuture that will complete with a security token that can be used to authenticate requests.

      • getFederationEndpoint

        protected String getFederationEndpoint()