From 59bc08385515997a34fe2b4b3cbbfd03dd9a7c5b Mon Sep 17 00:00:00 2001
From: Dan Engelbrecht <dan.engelbrecht@epicgames.com>
Date: Wed, 18 Mar 2026 22:28:14 +0100
Subject: improve auth token refresh (#863)

Authentication callbacks are not thread safe, ensured call sites does single threaded calls
---
 src/zenhttp/httpclientauth.cpp | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

(limited to 'src/zenhttp/httpclientauth.cpp')

diff --git a/src/zenhttp/httpclientauth.cpp b/src/zenhttp/httpclientauth.cpp
index 02e1b57e2..6a3f18b7a 100644
--- a/src/zenhttp/httpclientauth.cpp
+++ b/src/zenhttp/httpclientauth.cpp
@@ -33,8 +33,7 @@ namespace zen { namespace httpclientauth {
 
 	std::function<HttpClientAccessToken()> CreateFromStaticToken(std::string_view Token)
 	{
-		return CreateFromStaticToken(
-			HttpClientAccessToken{.Value = fmt::format("Bearer {}"sv, Token), .ExpireTime = HttpClientAccessToken::TimePoint::max()});
+		return CreateFromStaticToken(HttpClientAccessToken(fmt::format("Bearer {}"sv, Token), HttpClientAccessToken::TimePoint::max()));
 	}
 
 	std::function<HttpClientAccessToken()> CreateFromOAuthClientCredentials(const OAuthClientCredentialsParams& Params)
@@ -74,7 +73,7 @@ namespace zen { namespace httpclientauth {
 			int64_t							 ExpiresInSeconds = static_cast<int64_t>(Json["expires_in"].int_value());
 			HttpClientAccessToken::TimePoint ExpireTime		  = HttpClientAccessToken::Clock::now() + seconds(ExpiresInSeconds);
 
-			return HttpClientAccessToken{.Value = fmt::format("Bearer {}"sv, Token), .ExpireTime = ExpireTime};
+			return HttpClientAccessToken(fmt::format("Bearer {}"sv, Token), ExpireTime);
 		};
 	}
 
@@ -82,7 +81,7 @@ namespace zen { namespace httpclientauth {
 	{
 		return [&AuthManager = AuthManager, OpenIdProvider = std::string(OpenIdProvider)]() {
 			AuthMgr::OpenIdAccessToken Token = AuthManager.GetOpenIdAccessToken(OpenIdProvider);
-			return HttpClientAccessToken{.Value = Token.AccessToken, .ExpireTime = Token.ExpireTime};
+			return HttpClientAccessToken(Token.AccessToken, Token.ExpireTime);
 		};
 	}
 
@@ -172,7 +171,7 @@ namespace zen { namespace httpclientauth {
 			HttpClientAccessToken::TimePoint ExpireTime = std::chrono::system_clock::from_time_t(UTCTime);
 			ExpireTime += std::chrono::milliseconds(Millisecond);
 
-			return HttpClientAccessToken{.Value = fmt::format("Bearer {}"sv, Token), .ExpireTime = ExpireTime};
+			return HttpClientAccessToken(fmt::format("Bearer {}"sv, Token), ExpireTime);
 		}
 		else
 		{
@@ -192,16 +191,15 @@ namespace zen { namespace httpclientauth {
 		{
 			return [OidcExecutablePath = std::filesystem::path(OidcExecutablePath),
 					CloudHost		   = std::string(CloudHost),
+					Token			   = InitialToken,
 					Quiet,
-					Hidden,
-					InitialToken]() mutable {
-				if (InitialToken.IsValid())
+					Unattended,
+					Hidden]() mutable {
+				if (!Token.NeedsRefresh())
 				{
-					HttpClientAccessToken Result = InitialToken;
-					InitialToken				 = {};
-					return Result;
+					return std::move(Token);
 				}
-				return GetOidcTokenFromExe(OidcExecutablePath, CloudHost, /* Unattended */ true, Quiet, Hidden);
+				return GetOidcTokenFromExe(OidcExecutablePath, CloudHost, Unattended, Quiet, Hidden);
 			};
 		}
 		return {};
-- 
cgit v1.2.3