1 files changed, 24 insertions, 13 deletions

diff --git a/src/zenhttp/httpclient.cpp b/src/zenhttp/httpclient.cpp
index 9f49802a0..3e81d4a8a 100644
--- a/src/zenhttp/httpclient.cpp
+++ b/src/zenhttp/httpclient.cpp
@@ -104,15 +104,10 @@ bool
 HttpClientBase::Authenticate()
 {
 	ZEN_TRACE_CPU("HttpClientBase::Authenticate");
-	std::optional<HttpClientAccessToken> Token = GetAccessToken();
-	if (!Token)
-	{
-		return false;
-	}
-	return Token->IsValid();
+	return GetAccessToken().has_value();
 }
 
-const std::optional<HttpClientAccessToken>
+std::optional<std::string>
 HttpClientBase::GetAccessToken()
 {
 	ZEN_TRACE_CPU("HttpClientBase::GetAccessToken");
@@ -122,18 +117,34 @@ HttpClientBase::GetAccessToken()
 	}
 	{
 		RwLock::SharedLockScope _(m_AccessTokenLock);
-		if (m_CachedAccessToken.IsValid())
+		if (!m_CachedAccessToken.NeedsRefresh())
 		{
-			return m_CachedAccessToken;
+			return m_CachedAccessToken.GetValue();
 		}
 	}
 	RwLock::ExclusiveLockScope _(m_AccessTokenLock);
-	if (m_CachedAccessToken.IsValid())
+	if (!m_CachedAccessToken.NeedsRefresh())
+	{
+		return m_CachedAccessToken.GetValue();
+	}
+	HttpClientAccessToken NewAccessToken = m_ConnectionSettings.AccessTokenProvider.value()();
+	if (NewAccessToken.IsValid())
+	{
+		m_CachedAccessToken = NewAccessToken;
+	}
+	else
 	{
-		return m_CachedAccessToken;
+		if (m_CachedAccessToken.HasExpired())
+		{
+			ZEN_WARN("HttpClient refreshed access token is not valid, clearing the cached token as it has expired");
+			m_CachedAccessToken = {};
+		}
+		else
+		{
+			ZEN_WARN("HttpClient refreshed access token is not valid, keeping existing token, it will expire soon");
+		}
 	}
-	m_CachedAccessToken = m_ConnectionSettings.AccessTokenProvider.value()();
-	return m_CachedAccessToken;
+	return m_CachedAccessToken.GetValue();
 }
 
 //////////////////////////////////////////////////////////////////////////