From c0dfd944fc9d4fd9d6ee3283b035104409a8dbee Mon Sep 17 00:00:00 2001
From: Yoshani
Date: Wed, 13 Dec 2023 19:19:50 +0530
Subject: [PATCH] synchronize persisting token
---
 .../AbstractAuthorizationGrantHandler.java | 2 +-
 .../handlers/grant/RefreshGrantHandler.java | 46 ++++++++++++-------
 2 files changed, 31 insertions(+), 17 deletions(-)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
index e8104d39f2e..a3257acb6fd 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
@@ -1079,7 +1079,7 @@ private boolean hasValidationByApplicationScopeValidatorsFailed(OAuthTokenReqMes
 * @param tokReqMsgCtx OAuthTokenReqMessageContext.
 * @return token binding reference.
 */
- private String getTokenBindingReference(OAuthTokenReqMessageContext tokReqMsgCtx) {
+ protected String getTokenBindingReference(OAuthTokenReqMessageContext tokReqMsgCtx) {
 if (tokReqMsgCtx.getTokenBinding() == null) {
 if (log.isDebugEnabled()) {
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
index 051b2369984..a23952fad78 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java 
@@ -115,22 +115,36 @@ public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx) AccessTokenDO accessTokenBean = getRefreshTokenGrantProcessor() .createAccessTokenBean(tokReqMsgCtx, tokenReq, validationBean, getTokenType()); - // sets accessToken, refreshToken and validity data - setTokenData(accessTokenBean, tokReqMsgCtx, validationBean, tokenReq, accessTokenBean.getIssuedTime()); - persistNewToken(tokReqMsgCtx, accessTokenBean, tokenReq.getClientId()); - if (log.isDebugEnabled()) { - log.debug("Persisted an access token for the refresh token, " + - "Client ID : " + tokenReq.getClientId() + - ", Authorized user : " + tokReqMsgCtx.getAuthorizedUser() + - ", Timestamp : " + accessTokenBean.getIssuedTime() + - ", Validity period (s) : " + accessTokenBean.getValidityPeriod() + - ", Scope : " + OAuth2Util.buildScopeString(tokReqMsgCtx.getScope()) + - ", Token State : " + OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE + - " and User Type : " + getTokenType()); - } - - setTokenDataToMessageContext(tokReqMsgCtx, accessTokenBean); - addUserAttributesToCache(accessTokenBean, tokReqMsgCtx); + + String scope = OAuth2Util.buildScopeString(tokReqMsgCtx.getScope()); + String consumerKey = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId(); + String authorizedUserId; + try { + authorizedUserId = tokReqMsgCtx.getAuthorizedUser().getUserId(); + } catch (UserIdNotFoundException e) { + throw new IdentityOAuth2Exception("User id is not available for user: " + + tokReqMsgCtx.getAuthorizedUser().getLoggableMaskedUserId(), e); + } + String tokenBindingReference = getTokenBindingReference(tokReqMsgCtx); + synchronized ((consumerKey + ":" + authorizedUserId + ":" + scope + ":" + tokenBindingReference).intern()) { + // sets accessToken, refreshToken and validity data + setTokenData(accessTokenBean, tokReqMsgCtx, validationBean, tokenReq, accessTokenBean.getIssuedTime()); + persistNewToken(tokReqMsgCtx, accessTokenBean, tokenReq.getClientId()); + + if 
(log.isDebugEnabled()) { + log.debug("Persisted an access token for the refresh token, " + + "Client ID : " + tokenReq.getClientId() + + ", Authorized user : " + tokReqMsgCtx.getAuthorizedUser() + + ", Timestamp : " + accessTokenBean.getIssuedTime() + + ", Validity period (s) : " + accessTokenBean.getValidityPeriod() + + ", Scope : " + OAuth2Util.buildScopeString(tokReqMsgCtx.getScope()) + + ", Token State : " + OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE + + " and User Type : " + getTokenType()); + } + + setTokenDataToMessageContext(tokReqMsgCtx, accessTokenBean); + addUserAttributesToCache(accessTokenBean, tokReqMsgCtx); + } return buildTokenResponse(tokReqMsgCtx, accessTokenBean); }
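Review bot: The `synchronized` block added in `issue()` takes its monitor from `(consumerKey + ":" + authorizedUserId + ":" + scope + ":" + tokenBindingReference).intern()`, a JVM-wide interned string built from request-derived values, so any other code that interns the same text shares the monitor, and the lock serializes requests on a single node only. The refresh-token validation that produced `validationBean` appears to run before the lock (`issue()` starts outside this hunk, so this is inferred), which would let two concurrent requests presenting the same refresh token both pass validation and then persist one after the other; consider re-checking the refresh token's state inside the block, or state explicitly that a database constraint is what prevents the double issue. At minimum add a comment above the block such as `// Per-node lock only: serializes persistence per client/user/scope/binding, not refresh-token validation.` The debug message inside the block also rebuilds the scope string although `scope` is now a local, and it logs `getAuthorizedUser()` unmasked while the new exception path uses `getLoggableMaskedUserId()`.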