oauth2:OutboundOAuth2Provider is not renewing access token when downstream web API returns 403

[madushajg]

Description:
We are using Azure log analytics REST API and authenticate requests using client_credentials grant type with https://login.microsoftonline.com as the token endpoint.
We noticed that Azure log analytics REST API returns an HTTP response with403 status code and the below payload when the token is expired.

{
    "error": {
        "message": "The provided authentication is not valid for this resource",
        "code": "InvalidTokenError",
        "innererror": {
            "code": "InvalidTokenError",
            "message": "Could not validate the request. Challenge failed: TokenExpired"
        }
    }
}

Due to this (not received 401 response), the oauth2:OutboundOAuth2Provider is not attempting to renew the token, instead uses the same expired token.

Affected Versions:
Ballerina Swan Lake Preview 2

[ldclakmal]

@madushajg Shall we verify the issue with the attached .jar in SLP5?

ballerina-oauth2-1.0.1.jar.zip

DEBUG:
ballerina-oauth2-1.0.1.jar.zip

oauth2:ClientCredentialsGrantConfig config = {
    ...
    retryConfig: {
         statusCode: 403
    }
};

isolated function updateOAuth2CacheEntry(....) {
    ...
    if (expiresIn is int) {
        ....
    } else if (expiresIn is string) {
        oauth2CacheEntry.expTime = issueTime = (<int>expiresIn - clockSkewInSeconds) * 1000;
    }
}

[madushajg]

Ack. Will verify with the provided jar.

[madushajg]

@madushajg Shall we verify the issue with the attached .jar in SLP5?

ballerina-oauth2-1.0.1.jar.zip

@ldclakmal The issue is not there with the provided .jar

[ldclakmal]

This issue is fixed with ballerina-platform/module-ballerina-http#142 and no longer valid with the new design.