From aa18da5f82821f76b0469eee85f9f0fc4198c27d Mon Sep 17 00:00:00 2001
From: Daniel Garnier-Moiroux <daniel.garnier-moiroux@broadcom.com>
Date: Thu, 17 Apr 2025 14:35:40 +0200
Subject: [PATCH] Recover from all refresh-token related errors by requesting a
 new token

- When the UAA throws an error other than HTTP 401, the refresh token
  flow fails, and can lead to irrecoverable errors where there
  application needs to be restarted. This changes ensure we are
  resilitent to all UAA errors. The downside is that we may not retry
  using a refresh token when it fails for an unrelated reason (eg HTTP
  503), requesting access tokens more frequently. The impact should be
  extremely marginal.

Signed-off-by: Daniel Garnier-Moiroux <daniel.garnier-moiroux@broadcom.com>
---
 .../tokenprovider/AbstractUaaTokenProvider.java        | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/tokenprovider/AbstractUaaTokenProvider.java b/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/tokenprovider/AbstractUaaTokenProvider.java
index 731cd1ab99..a0631fbbf4 100644
--- a/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/tokenprovider/AbstractUaaTokenProvider.java
+++ b/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/tokenprovider/AbstractUaaTokenProvider.java
@@ -25,7 +25,6 @@
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
 import io.netty.handler.codec.http.HttpHeaders;
-import io.netty.handler.codec.http.HttpResponseStatus;
 import io.netty.util.AsciiString;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
@@ -46,7 +45,6 @@
 import org.cloudfoundry.reactor.util.Operator;
 import org.cloudfoundry.reactor.util.OperatorContext;
 import org.cloudfoundry.reactor.util.UserAgent;
-import org.cloudfoundry.uaa.UaaException;
 import org.immutables.value.Value;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -253,12 +251,8 @@ private Mono<String> refreshToken(ConnectionContext connectionContext, String re
                         connectionContext,
                         refreshTokenGrantTokenRequestTransformer(refreshToken),
                         tokensExtractor(connectionContext))
-                .onErrorResume(
-                        t ->
-                                t instanceof UaaException
-                                        && ((UaaException) t).getStatusCode()
-                                                == HttpResponseStatus.UNAUTHORIZED.code(),
-                        t -> Mono.empty());
+                .doOnError(t -> LOGGER.error("Refresh token grant error.", t))
+                .onErrorResume(t -> Mono.empty());
     }
 
     private BiConsumer<HttpClientRequest, HttpClientForm> refreshTokenGrantTokenRequestTransformer(