fix token request race condition

Author: Erwinvandervalk

access-token-management/src/AccessTokenManagement/ClientCredentialsTokenManagementService.cs

@@ -2,37 +2,19 @@
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
 using Microsoft.Extensions.Logging;
+using System.Threading;
 
 namespace Duende.AccessTokenManagement;
 
 /// <summary>
 /// Implements token management logic
 /// </summary>
-public class ClientCredentialsTokenManagementService : IClientCredentialsTokenManagementService
+public class ClientCredentialsTokenManagementService(
+    IClientCredentialsTokenEndpointService clientCredentialsTokenEndpointService,
+    IClientCredentialsTokenCache tokenCache,
+    ILogger<ClientCredentialsTokenManagementService> logger
+) : IClientCredentialsTokenManagementService
 {
-    private readonly ITokenRequestSynchronization _sync;
-    private readonly IClientCredentialsTokenEndpointService _clientCredentialsTokenEndpointService;
-    private readonly IClientCredentialsTokenCache _tokenCache;
-    private readonly ILogger<ClientCredentialsTokenManagementService> _logger;
-
-    /// <summary>
-    /// ctor
-    /// </summary>
-    /// <param name="sync"></param>
-    /// <param name="clientCredentialsTokenEndpointService"></param>
-    /// <param name="tokenCache"></param>
-    /// <param name="logger"></param>
-    public ClientCredentialsTokenManagementService(
-        ITokenRequestSynchronization sync,
-        IClientCredentialsTokenEndpointService clientCredentialsTokenEndpointService,
-        IClientCredentialsTokenCache tokenCache,
-        ILogger<ClientCredentialsTokenManagementService> logger)
-    {
-        _sync = sync;
-        _clientCredentialsTokenEndpointService = clientCredentialsTokenEndpointService;
-        _tokenCache = tokenCache;
-        _logger = logger;
-    }
 
     /// <inheritdoc/>
     public async Task<ClientCredentialsToken> GetAccessTokenAsync(
@@ -46,47 +28,34 @@ public async Task<ClientCredentialsToken> GetAccessTokenAsync(
         {
             try
             {
-                var item = await _tokenCache.GetAsync(clientName, parameters, cancellationToken).ConfigureAwait(false);
+                var item = await tokenCache.GetAsync(
+                    clientName: clientName, 
+                    requestParameters: parameters, 
+                    cancellationToken: cancellationToken).ConfigureAwait(false);
                 if (item != null)
                 {
                     return item;
                 }
             }
             catch (Exception e)
             {
-                _logger.LogError(e,
+                logger.LogError(e,
                     "Error trying to obtain token from cache for client {clientName}. Error = {error}. Will obtain new token.", 
                     clientName, e.Message);
             }
         }
 
-        return await _sync.SynchronizeAsync(clientName, async () =>
-        {
-            var token = await _clientCredentialsTokenEndpointService.RequestToken(clientName, parameters, cancellationToken).ConfigureAwait(false);
-            if (token.IsError)
-            {
-                _logger.LogError(
-                    "Error requesting access token for client {clientName}. Error = {error}.",
-                    clientName, token.Error);
-
-                return token;
-            }
-
-            try
-            {
-                await _tokenCache.SetAsync(clientName, token, parameters, cancellationToken).ConfigureAwait(false);
-            }
-            catch (Exception e)
-            {
-                _logger.LogError(e,
-                    "Error trying to set token in cache for client {clientName}. Error = {error}", 
-                    clientName, e.Message);
-            }
-
-            return token;
-        }).ConfigureAwait(false);
+        return await tokenCache.GetOrCreateAsync(
+            clientName: clientName, 
+            requestParameters: parameters, 
+            factory: InvokeGetAccessToken, 
+            cancellationToken: cancellationToken).ConfigureAwait(false);
     }
 
+    private async Task<ClientCredentialsToken> InvokeGetAccessToken(string clientName, TokenRequestParameters parameters, CancellationToken cancellationToken)
+    {
+        return await clientCredentialsTokenEndpointService.RequestToken(clientName, parameters, cancellationToken).ConfigureAwait(false);
+    }
 
     /// <inheritdoc/>
     public Task DeleteAccessTokenAsync(
@@ -95,6 +64,6 @@ public Task DeleteAccessTokenAsync(
         CancellationToken cancellationToken = default)
     {
         parameters ??= new TokenRequestParameters();
-        return _tokenCache.DeleteAsync(clientName, parameters, cancellationToken);
+        return tokenCache.DeleteAsync(clientName, parameters, cancellationToken);
     }
 }

access-token-management/src/AccessTokenManagement/DistributedClientCredentialsTokenCache.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Duende Software. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
+using System.Collections.Concurrent;
 using System.Text.Json;
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Logging;
@@ -11,27 +12,19 @@ namespace Duende.AccessTokenManagement;
 /// <summary>
 /// Client access token cache using IDistributedCache
 /// </summary>
-public class DistributedClientCredentialsTokenCache : IClientCredentialsTokenCache
+public class DistributedClientCredentialsTokenCache(
+    IDistributedCache cache,
+    ITokenRequestSynchronization synchronization,
+    IOptions<ClientCredentialsTokenManagementOptions> options,
+    ILogger<DistributedClientCredentialsTokenCache> logger
+    )
+    : IClientCredentialsTokenCache
 {
-    private readonly IDistributedCache _cache;
-    private readonly ILogger<DistributedClientCredentialsTokenCache> _logger;
-    private readonly ClientCredentialsTokenManagementOptions _options;
+    private readonly IDistributedCache _cache = cache;
+    private readonly ITokenRequestSynchronization _synchronization = synchronization;
+    private readonly ILogger<DistributedClientCredentialsTokenCache> _logger = logger;
+    private readonly ClientCredentialsTokenManagementOptions _options = options.Value;
 
-    /// <summary>
-    /// ctor
-    /// </summary>
-    /// <param name="cache"></param>
-    /// <param name="options"></param>
-    /// <param name="logger"></param>
-    public DistributedClientCredentialsTokenCache(
-        IDistributedCache cache, 
-        IOptions<ClientCredentialsTokenManagementOptions> options, 
-        ILogger<DistributedClientCredentialsTokenCache> logger)
-    {
-        _cache = cache;
-        _logger = logger;
-        _options = options.Value;
-    }
 
     /// <inheritdoc/>
     public async Task SetAsync(
@@ -56,6 +49,43 @@ public async Task SetAsync(
         await _cache.SetStringAsync(cacheKey, data, entryOptions, token: cancellationToken).ConfigureAwait(false);
     }
 
+    public async Task<ClientCredentialsToken> GetOrCreateAsync(
+        string clientName, TokenRequestParameters requestParameters,
+        Func<string, TokenRequestParameters, CancellationToken, Task<ClientCredentialsToken>> factory,
+        CancellationToken cancellationToken = default)
+    {
+        ArgumentNullException.ThrowIfNull(clientName);
+
+        var cacheKey = GenerateCacheKey(_options, clientName, requestParameters);
+
+
+        return await _synchronization.SynchronizeAsync(cacheKey, async () =>
+        {
+            var token = await factory(clientName, requestParameters, cancellationToken).ConfigureAwait(false);
+            if (token.IsError)
+            {
+                _logger.LogError(
+                    "Error requesting access token for client {clientName}. Error = {error}.",
+                    clientName, token.Error);
+
+                return token;
+            }
+
+            try
+            {
+                await SetAsync(clientName, token, requestParameters, cancellationToken).ConfigureAwait(false);
+            }
+            catch (Exception e)
+            {
+                _logger.LogError(e,
+                    "Error trying to set token in cache for client {clientName}. Error = {error}",
+                    clientName, e.Message);
+            }
+
+            return token;
+        }).ConfigureAwait(false);
+    }
+
     /// <inheritdoc/>
     public async Task<ClientCredentialsToken?> GetAsync(
         string clientName, 

access-token-management/src/AccessTokenManagement/Interfaces/IClientCredentialsTokenCache.cs

@@ -22,6 +22,12 @@ Task SetAsync(
         TokenRequestParameters requestParameters,
         CancellationToken cancellationToken = default);
 
+    Task<ClientCredentialsToken> GetOrCreateAsync(
+        string clientName,
+        TokenRequestParameters requestParameters,
+        Func<string, TokenRequestParameters, CancellationToken, Task<ClientCredentialsToken>> factory,
+        CancellationToken cancellationToken = default);
+
     /// <summary>
     /// Retrieves a client access token from the cache
     /// </summary>