added changelog and a test

Author: Divyansh-db

NEXT_CHANGELOG.md

@@ -8,6 +8,8 @@
   refresh tokens by default (by adding the `offline_access` scope) in OAuth exchanges. This 
   option does not remove the scope from the user provided scopes if present.
 
+* Fix 'external-browser' auth type to use the token if it is valid instead of forceful refresh everytime.
+
 ### Bug Fixes
 
 ### Documentation

databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProviderTest.java

@@ -246,45 +246,45 @@ void sessionCredentials() throws IOException {
   // Token caching tests
 
   @Test
-  void cacheWithValidTokenTest() throws IOException {
-    // Create mock HTTP client (shouldn't be called for valid token)
+  void cacheWithValidRefreshableTokenTest() throws IOException {
+    // Create mock HTTP client (shouldn't be called for valid token).
     HttpClient mockHttpClient = Mockito.mock(HttpClient.class);
 
-    // Create a valid token with valid refresh token (expires in 1 hour - FRESH state)
+    // Create a valid token with valid refresh token (expires in 1 hour - FRESH state).
     Instant futureTime = Instant.now().plusSeconds(3600);
     Token validToken = new Token("valid_access_token", "Bearer", "valid_refresh_token", futureTime);
 
-    // Create mock token cache that returns the valid token
+    // Create mock token cache that returns the valid token.
     TokenCache mockTokenCache = Mockito.mock(TokenCache.class);
     Mockito.doReturn(validToken).when(mockTokenCache).load();
 
-    // Create config with HTTP client and mock token cache
+    // Create config with HTTP client and mock token cache.
     DatabricksConfig config =
         new DatabricksConfig()
             .setAuthType("external-browser")
             .setHost("https://test.databricks.com")
             .setClientId("test-client-id")
             .setHttpClient(mockHttpClient);
 
-    // We need to provide OIDC endpoints
+    // We need to provide OIDC endpoints.
     OpenIDConnectEndpoints endpoints =
         new OpenIDConnectEndpoints(
             "https://test.databricks.com/oidc/v1/token",
             "https://test.databricks.com/oidc/v1/authorize");
 
-    // Create our provider with the mock token cache
+    // Create our provider with the mock token cache.
     ExternalBrowserCredentialsProvider provider =
         Mockito.spy(new ExternalBrowserCredentialsProvider(mockTokenCache));
 
-    // Spy on the config to inject the endpoints
+    // Spy on the config to inject the endpoints.
     DatabricksConfig spyConfig = Mockito.spy(config);
     Mockito.doReturn(endpoints).when(spyConfig).getOidcEndpoints();
 
-    // Configure provider
+    // Configure provider.
     HeaderFactory headerFactory = provider.configure(spyConfig);
     assertNotNull(headerFactory, "HeaderFactory should be created");
 
-    // Verify headers contain the CACHED valid token (no refresh needed!)
+    // Verify headers contain the CACHED valid token (no refresh needed!).
     Map<String, String> headers = headerFactory.headers();
     assertEquals(
         "Bearer valid_access_token",
@@ -294,18 +294,78 @@ void cacheWithValidTokenTest() throws IOException {
     // Verify token was loaded from cache
     Mockito.verify(mockTokenCache, Mockito.times(1)).load();
 
-    // Verify NO HTTP call was made (token is still valid, no refresh needed)
+    // Verify NO HTTP call was made (token is still valid, no refresh needed).
     Mockito.verify(mockHttpClient, Mockito.never()).execute(any(Request.class));
 
-    // Verify performBrowserAuth was NOT called since cached token is valid
+    // Verify performBrowserAuth was NOT called since cached token is valid.
     Mockito.verify(provider, Mockito.never())
         .performBrowserAuth(
             any(DatabricksConfig.class),
             any(String.class),
             any(String.class),
             any(TokenCache.class));
 
-    // Verify token was NOT saved back to cache (we're using the cached one as-is)
+    // Verify token was NOT saved back to cache (we're using the cached one as-is).
+    Mockito.verify(mockTokenCache, Mockito.never()).save(any(Token.class));
+  }
+
+  @Test
+  void cacheWithValidNonRefreshableTokenTest() throws IOException {
+    // Create mock HTTP client (shouldn't be called for valid token).
+    HttpClient mockHttpClient = Mockito.mock(HttpClient.class);
+
+    // Create a valid token WITHOUT refresh token (expires in 1 hour - FRESH state).
+    Instant futureTime = Instant.now().plusSeconds(3600);
+    Token validTokenNoRefresh = new Token("valid_access_token", "Bearer", null, futureTime);
+
+    // Create mock token cache that returns the valid token.
+    TokenCache mockTokenCache = Mockito.mock(TokenCache.class);
+    Mockito.doReturn(validTokenNoRefresh).when(mockTokenCache).load();
+
+    // Create config with HTTP client and mock token cache.
+    DatabricksConfig config =
+        new DatabricksConfig()
+            .setAuthType("external-browser")
+            .setHost("https://test.databricks.com")
+            .setClientId("test-client-id")
+            .setHttpClient(mockHttpClient);
+
+    // We need to provide OIDC endpoints.
+    OpenIDConnectEndpoints endpoints =
+        new OpenIDConnectEndpoints(
+            "https://test.databricks.com/oidc/v1/token",
+            "https://test.databricks.com/oidc/v1/authorize");
+
+    // Create our provider with the mock token cache.
+    ExternalBrowserCredentialsProvider provider =
+        Mockito.spy(new ExternalBrowserCredentialsProvider(mockTokenCache));
+
+    // Spy on the config to inject the endpoints.
+    DatabricksConfig spyConfig = Mockito.spy(config);
+    Mockito.doReturn(endpoints).when(spyConfig).getOidcEndpoints();
+
+    // Configure provider.
+    HeaderFactory headerFactory = provider.configure(spyConfig);
+    assertNotNull(headerFactory, "HeaderFactory should be created");
+
+    // Verify headers contain the cached token (NOT browser auth!).
+    Map<String, String> headers = headerFactory.headers();
+    assertEquals(
+        "Bearer valid_access_token",
+        headers.get("Authorization"),
+        "Should use cached valid token even without refresh token");
+
+    // Verify token was loaded from cache.
+    Mockito.verify(mockTokenCache, Mockito.times(1)).load();
+
+    // Verify NO HTTP call was made (token is still valid, no refresh needed).
+    Mockito.verify(mockHttpClient, Mockito.never()).execute(any(Request.class));
+
+    // Verify performBrowserAuth was NOT called.
+    Mockito.verify(provider, Mockito.never())
+        .performBrowserAuth(any(DatabricksConfig.class), any(), any(), any(TokenCache.class));
+
+    // Verify no token was saved (we're using the cached one as-is).
     Mockito.verify(mockTokenCache, Mockito.never()).save(any(Token.class));
   }