Refresh token orchestration with singleflight guards, CAS rotation, and metrics.
The broker exposes Broker::refresh_access_token so callers can request a fresh
access token for a tenant/principal/scope triple without worrying about
concurrent rotations. Each request acquires a per-StoreKey guard, evaluates
a jittered preemptive window, and either reuses the cached record or performs a
grant_type=refresh_token call. Successful refreshes rotate secrets via
BrokerStore::compare_and_swap_refresh, while invalid_grant/revoked responses
revoke the cached record.
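The flow described above, reduced to a single-threaded sketch. This is an added example, not the crate's own code: `Record`, `Grant`, `Outcome`, `Store`, `due`, `refresh` and the 60-second window are hypothetical, the `compare_and_swap_refresh` signature is assumed, and the per-key guard is omitted.

```rust
use std::collections::HashMap;
const WINDOW_SECS: u64 = 60; // assumed preemptive window
// Hypothetical stand-ins for the cached record and the token endpoint's reply.
#[derive(Clone, Debug, PartialEq)]
struct Record { access: String, refresh: String, expires_at: u64 }
enum Grant { Ok(Record), InvalidGrant }
#[derive(Debug, PartialEq)]
enum Outcome { Cached, Rotated, LostRace, Revoked }

#[derive(Default)]
struct Store { map: HashMap<String, Record> }

impl Store {
    // Install `next` only if the stored refresh secret is still `expected`,
    // so a slow caller cannot overwrite a newer rotation with a stale one.
    fn compare_and_swap_refresh(&mut self, key: &str, expected: &str, next: Record) -> bool {
        match self.map.get_mut(key) {
            Some(cur) if cur.refresh == expected => { *cur = next; true }
            _ => false,
        }
    }
}

// Due once `now` is inside the window before expiry; jitter shrinks the window
// per caller so many processes do not all refresh at the same instant.
fn due(now: u64, rec: &Record, jitter: u64) -> bool {
    now + WINDOW_SECS.saturating_sub(jitter) >= rec.expires_at
}

// `seen` is the record the caller read before contacting the token endpoint.
fn refresh(store: &mut Store, key: &str, seen: &Record, now: u64, jitter: u64,
           call: impl FnOnce(&str) -> Grant) -> Outcome {
    if !due(now, seen, jitter) { return Outcome::Cached; }
    match call(&seen.refresh) {
        Grant::Ok(next) => {
            let swapped = store.compare_and_swap_refresh(key, &seen.refresh, next);
            if swapped { Outcome::Rotated } else { Outcome::LostRace }
        }
        // invalid_grant: drop the cached record rather than retry with a dead secret.
        Grant::InvalidGrant => { store.map.remove(key); Outcome::Revoked }
    }
}

fn main() {
    let old = Record { access: "a1".into(), refresh: "r1".into(), expires_at: 1000 };
    let new = Record { access: "a2".into(), refresh: "r2".into(), expires_at: 4600 };
    let mut store = Store::default();
    store.map.insert("k".into(), old.clone());
    println!("{:?}", refresh(&mut store, "k", &old, 970, 5, |_| Grant::Ok(new)));
}
```

The `LostRace` outcome is the case the CAS exists for: the caller's snapshot is stale, so the newer secret already in the store is left in place.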
Structs
- RefreshMetrics - Thread-safe counters for refresh attempts.