From f4189d9a4dcaa05cec2429b7ef55959dcee3c078 Mon Sep 17 00:00:00 2001
From: siddhijain
Date: Thu, 13 Apr 2023 20:53:02 -0500
Subject: [PATCH 1/3] add refresh_in logic
---
 .../aad/msal4j/AcquireTokenByAppProviderSupplier.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
index 1afa2d7d..6ee9f11b 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
@@ -35,6 +35,13 @@ private static void validateTokenProviderResult(TokenProviderResult tokenProvide
 if (null == tokenProviderResult.getTenantId() || tokenProviderResult.getTenantId().isEmpty()) {
 handleInvalidExternalValueError(tokenProviderResult.getTenantId());
 }
+
+ if (0 == tokenProviderResult.getRefreshInSeconds()){
+ long expireInSeconds = tokenProviderResult.getExpiresInSeconds();
+ if(expireInSeconds >= TWO_HOURS){
+ tokenProviderResult.setRefreshInSeconds(expireInSeconds/2);
+ }
+ }
 }
 
 private static void handleInvalidExternalValueError(String nameOfValue) {
From 98ef236a8afbcc8cdc77bbb48b3c93ccac7067f3 Mon Sep 17 00:00:00 2001
From: siddhijain
Date: Fri, 14 Apr 2023 10:38:54 -0500
Subject: [PATCH 2/3] resolve build issues + address PR comments
---
 .../aad/msal4j/AcquireTokenByAppProviderSupplier.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
index 6ee9f11b..4966f0de 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
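Review bot: The default added at the end of validateTokenProviderResult (PATCH 1/3; the method starts above the hunk) is gated on `expireInSeconds >= TWO_HOURS` and computed as `expireInSeconds/2`, which is only meaningful if getExpiresInSeconds() returns a lifetime, yet the test helper in PATCH 3/3 passes `currTimestampSec + 1000000` to setExpiresInSeconds and compares refreshOn() with an epoch-scale value. If the field really carries an absolute timestamp, half of it is an instant decades in the past, and the cached token would presumably count as due for refresh on every call, putting avoidable load on the token provider. I would state the unit above the block, e.g. `// expiresInSeconds and refreshInSeconds are lifetimes in seconds, not epoch timestamps` (or the reverse, whichever the result builder expects), and make the computation match it. A negative refresh value is also passed through untouched; `if (tokenProviderResult.getRefreshInSeconds() <= 0) {` would treat it as unset.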
@@ -11,6 +11,8 @@
 */
 class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier {
 
+ private static final int TWO_HOURS = 2*3600;
+
 private AppTokenProviderParameters appTokenProviderParameters;
 private ClientCredentialRequest clientCredentialRequest;
 
@@ -23,7 +25,7 @@ class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier {
 this.appTokenProviderParameters = appTokenProviderParameters;
 }
 
- private static void validateTokenProviderResult(TokenProviderResult tokenProviderResult) {
+ private static void validateAndUpdateTokenProviderResult(TokenProviderResult tokenProviderResult) {
 if (null == tokenProviderResult.getAccessToken() || tokenProviderResult.getAccessToken().isEmpty()) {
 handleInvalidExternalValueError(tokenProviderResult.getAccessToken());
 }
@@ -77,7 +79,7 @@ public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderPara
 throw new MsalAzureSDKException(ex);
 }
 
- validateTokenProviderResult(tokenProviderResult);
+ validateAndUpdateTokenProviderResult(tokenProviderResult);
 
 return AuthenticationResult.builder()
 .accessToken(tokenProviderResult.getAccessToken())
From db6fad5c9b42c78ae04c31a79da631f83c01d221 Mon Sep 17 00:00:00 2001
From: siddhijain
Date: Fri, 14 Apr 2023 12:48:13 -0500
Subject: [PATCH 3/3] update tests
---
 .../ConfidentialClientApplicationUnitT.java | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java
index 66d35c27..5624c60c 100644
--- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java
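Review bot: `TWO_HOURS` in the first hunk carries neither its unit nor the reason for the threshold, although it is compared with a seconds value held in a `long` inside validateAndUpdateTokenProviderResult. I would name the unit and match the type, `private static final long TWO_HOURS_IN_SECONDS = 2 * 3600L;`, and put `// Tokens that live at least this long get a default refresh point at half their lifetime.` above it. That keeps the token-refresh policy readable at the declaration instead of only at the single use site.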
@@ -318,6 +318,7 @@ public void validateAppTokenProviderAsync() throws Exception{ IClientCredential iClientCredential = ClientCredentialFactory.createFromClientAssertion( clientAssertion.assertion()); + Long refreshInSeconds = new Date().getTime() / 1000 + + 800000; //builds client with AppTokenProvider ConfidentialClientApplication cca = ConfidentialClientApplication. builder(TestConfiguration.AAD_CLIENT_ID, iClientCredential) @@ -325,7 +326,7 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(parameters.scopes); Assert.assertNotNull(parameters.correlationId); Assert.assertNotNull(parameters.tenantId); - return getAppTokenProviderResult("/default"); + return getAppTokenProviderResult("/default", refreshInSeconds); }) .build(); @@ -338,6 +339,10 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(result1.accessToken()); Assert.assertEquals(cca.tokenCache.accessTokens.size(), 1); + //check that refreshOn is set correctly when provided by an app developer + Assert.assertNotNull(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); + Assert.assertEquals(cca.tokenCache.accessTokens.values().iterator().next().refreshOn(), refreshInSeconds.toString()); + System.out.println(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); //Acquire token from cache @@ -356,7 +361,7 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(parameters.scopes); Assert.assertNotNull(parameters.correlationId); Assert.assertNotNull(parameters.tenantId); - return getAppTokenProviderResult("/newScope"); + return getAppTokenProviderResult("/newScope", 0L); }) .build(); 
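Review bot: The initializer added at the top of validateAppTokenProviderAsync reads `new Date().getTime() / 1000 + + 800000` as rendered here; the second `+` parses as a unary plus, so the value is right, but it looks like an editing slip and should be `Long refreshInSeconds = new Date().getTime() / 1000 + 800000;`. The variable also holds an absolute epoch time rather than an interval, so a name such as `refreshOnEpochSeconds` would keep the test from suggesting the wrong unit for setRefreshInSeconds. The method body continues outside the hunk.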
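Review bot: The `System.out.println(...)` added after the two new assertions in the `@@ -338` hunk is leftover debugging output and should be dropped; the same applies to the println added in the last hunk of this patch. The expression `cca.tokenCache.accessTokens.values().iterator().next().refreshOn()` is evaluated three times in a row, so binding it to a local once would make the assertions easier to read and guarantee that they inspect the same cache entry.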
@@ -369,17 +374,20 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotEquals(result2.accessToken(), result3.accessToken()); Assert.assertEquals(cca.tokenCache.accessTokens.size(), 1); - + //check that refreshOn is set correctly when a value is not provided by an app developer + Assert.assertNotNull(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); + System.out.println(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); } - private CompletableFuture getAppTokenProviderResult(String differentScopesForAt) + private CompletableFuture getAppTokenProviderResult(String differentScopesForAt, + long refreshInSeconds) { long currTimestampSec = new Date().getTime() / 1000; TokenProviderResult token = new TokenProviderResult(); token.setAccessToken(TestConstants.DEFAULT_ACCESS_TOKEN + differentScopesForAt); //Used to indicate that there is a new access token for a different set of scopes token.setTenantId("tenantId"); token.setExpiresInSeconds(currTimestampSec + 1000000); - token.setRefreshInSeconds(currTimestampSec + 800000); + token.setRefreshInSeconds(refreshInSeconds); return CompletableFuture.completedFuture(token); }
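Review bot: The assertion added for the defaulting path only checks `refreshOn()` for non-null, so it passes whatever value validateAndUpdateTokenProviderResult derives, and no case exercises an expiry below the two-hour threshold where no default should be set. Because the helper fixes the expiry at `currTimestampSec + 1000000`, the expected value is computable if the helper takes the expiry as a parameter; the test could then assert it, e.g. `Assert.assertEquals(refreshOn, Long.toString(expiresInSeconds / 2));`, and add a second call with a short lifetime. The reworked helper signature also still returns a raw `CompletableFuture`; `CompletableFuture<TokenProviderResult>` would let the compiler check the provider lambda.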