dgawande12 (Contributor) commented Sep 30, 2025

Description

  • Adds ability to force refresh OAuth2 access tokens
  • Introduces configurable proactive offset buffer to refresh tokens before actual expiration time
  • Improves test coverage and reduces duplication in token-handling tests

Links

ENSC-2344

Testing

Checklist

Ensure the following things have been met before requesting a review:

  • Follows all project developer guide and coding standards.
  • Tests have been written for the change, when applicable.
  • Confidential information (credentials, auth tokens, etc.) is not included.

dgawande12 requested a review from a team as a code owner September 30, 2025 11:58
dgawande12 self-assigned this Sep 30, 2025
dgawande12 added the enhancement (New feature or request) label Sep 30, 2025
dgawande12 changed the title from "feat(java): add forced access token refresh and expiry buffer" to "feat(java): forced access token refresh and expiry buffer" Sep 30, 2025
acleary-0 (Collaborator) commented Sep 30, 2025

Checkmarx One – Scan Summary & Details: 6083d55f-fd17-4ef2-b150-2f8eb3c1b301

New Issues (6)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CVE-2025-11226 Maven-ch.qos.logback:logback-core-1.3.15
Recommended version: 1.5.19
Description: Arbitrary Code Execution (ACE) vulnerability in conditional configuration file processing by QOS.CH logback-core versions through 1.5.18 in Java ap...
Attack Vector: LOCAL
Attack Complexity: LOW

ID: Oi78HyXmlhKQ%2B08EgOhitfnHDnhlP5DMIzyPTaRkXWE%3D
Vulnerable Package
LOW Unpinned Actions Full Length Commit SHA /pr-checks.yml: 18
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: nbvde%2Fv4%2BRDlqk5tZp22hg3O428%3D
LOW Unpinned Actions Full Length Commit SHA /fortify.yml: 29
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: 4ponLjQ9YqM1Tqnjw%2BAGo5j2lcc%3D
LOW Unpinned Actions Full Length Commit SHA /codeql-analysis.yml: 32
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: fRa7hSVmi165a0KbDv%2FtTthoeGE%3D
LOW Unpinned Actions Full Length Commit SHA /codeql-analysis.yml: 37
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: %2Bjf06qtFq%2FhiwToB0qWaTcnrWUs%3D
LOW Unpinned Actions Full Length Commit SHA /codeql-analysis.yml: 40
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: hghq8Fs7C%2Bgxpck6NX7jOZnmotE%3D
Fixed Issues (7)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-core-1.2.11
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-classic-1.2.11
HIGH CVE-2023-6481 Maven-ch.qos.logback:logback-core-1.2.11
MEDIUM CVE-2023-41329 Maven-com.github.tomakehurst:wiremock-jre8-standalone-2.35.0
MEDIUM CVE-2024-12798 Maven-ch.qos.logback:logback-classic-1.2.11
MEDIUM CVE-2024-12798 Maven-ch.qos.logback:logback-core-1.2.11
LOW CVE-2024-12801 Maven-ch.qos.logback:logback-core-1.2.11

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

gdulafactset left a comment

Some comments.

dgawande12 force-pushed the feat/java/forceToeknRefresh branch from d89bab1 to ee274df December 16, 2025 17:01
6 participants