Bug 2006638 - Add use_cache param to get_access_token

Removed the `ttl` param, since multiple optional positional args can get
weird.  I took a look at searchfox and firefox-ios and there didn't seem
to be any consumers using the `ttl` param.

Alternatively, we could input an `options` struct with multiple optional
params.  I didn't go this way because I didn't see anyone actually
setting the `ttl` param, but maybe I'm missing something.

Author: bendk

CHANGELOG.md

@@ -2,9 +2,20 @@
 
 [Full Changelog](In progress)
 
+## ⚠️ Breaking Changes ⚠️
+
+### Fxa Client
+- Removed the optional `ttl` paramater to `get_access_token`.  In practice, no consumers were using this.
+
+## ✨ What's New ✨
+
 ### Ads Client
 - Add agnostic telemetry support (compatible with Glean)
 
+### Fxa Client
+- Added optional `use_cache` paramater to `get_access_token`.  Set this to `false` to force
+  requesting a new token.
+
 # v147.0 (_2025-12-07_)
 
 ### Relay

components/fxa-client/src/fxa_client.udl

@@ -636,7 +636,7 @@ interface FirefoxAccount {
   ///    - `scope` - the OAuth scope to be granted by the token.
   ///        - This must be one of the scopes requested during the signin flow.
   ///        - Only a single scope is supported; for multiple scopes request multiple tokens.
-  ///    - `ttl` - optionally, the time for which the token should be valid, in seconds.
+  ///    - `use_cache` - optionally set to false to force a new token request.
   ///
   /// # Notes
   ///
@@ -645,7 +645,7 @@ interface FirefoxAccount {
   ///      before requesting a fresh token.
   ///
   [Throws=FxaError]
-  AccessTokenInfo get_access_token([ByRef] string scope,  optional i64? ttl = null);
+  AccessTokenInfo get_access_token([ByRef] string scope, optional boolean use_cache = true);
 
   /// Get the session token for the user's account, if one is available.
   ///

components/fxa-client/src/internal/oauth.rs

@@ -38,18 +38,20 @@ impl FirefoxAccount {
     /// using `begin_oauth_flow`.
     ///
     /// * `scopes` - Space-separated list of requested scopes.
-    /// * `ttl` - the ttl in seconds of the token requested from the server.
+    /// * `use_cache` - optionally set to false to force a new token request.
     ///
     /// **💾 This method may alter the persisted account state.**
-    pub fn get_access_token(&mut self, scope: &str, ttl: Option<u64>) -> Result<AccessTokenInfo> {
+    pub fn get_access_token(&mut self, scope: &str, use_cache: bool) -> Result<AccessTokenInfo> {
         if scope.contains(' ') {
             return Err(Error::MultipleScopesRequested);
         }
-        if let Some(oauth_info) = self.state.get_cached_access_token(scope) {
-            if oauth_info.expires_at > util::now_secs() + OAUTH_MIN_TIME_LEFT {
-                // If the cached key is missing the required sync scoped key, try to fetch it again
-                if oauth_info.check_missing_sync_scoped_key().is_ok() {
-                    return Ok(oauth_info.clone());
+        if use_cache {
+            if let Some(oauth_info) = self.state.get_cached_access_token(scope) {
+                if oauth_info.expires_at > util::now_secs() + OAUTH_MIN_TIME_LEFT {
+                    // If the cached key is missing the required sync scoped key, try to fetch it again
+                    if oauth_info.check_missing_sync_scoped_key().is_ok() {
+                        return Ok(oauth_info.clone());
+                    }
                 }
             }
         }
@@ -59,7 +61,7 @@ impl FirefoxAccount {
                     self.client.create_access_token_using_refresh_token(
                         self.state.config(),
                         &refresh_token.token,
-                        ttl,
+                        None,
                         &[scope],
                     )?
                 } else {

components/fxa-client/src/internal/profile.rs

@@ -45,7 +45,7 @@ impl FirefoxAccount {
             }
             etag = Some(cached_profile.etag.clone());
         }
-        let profile_access_token = self.get_access_token(scopes::PROFILE, None)?.token;
+        let profile_access_token = self.get_access_token(scopes::PROFILE, true)?.token;
         match self
             .client
             .get_profile(self.state.config(), &profile_access_token, etag)?

components/fxa-client/src/token.rs

@@ -18,7 +18,7 @@
 use crate::{ApiResult, Error, FirefoxAccount};
 use error_support::handle_error;
 use serde_derive::*;
-use std::convert::{TryFrom, TryInto};
+use std::convert::TryInto;
 
 impl FirefoxAccount {
     /// Get a short-lived OAuth access token for the user's account.
@@ -37,20 +37,18 @@ impl FirefoxAccount {
     ///    - `scope` - the OAuth scope to be granted by the token.
     ///        - This must be one of the scopes requested during the signin flow.
     ///        - Only a single scope is supported; for multiple scopes request multiple tokens.
-    ///    - `ttl` - optionally, the time for which the token should be valid, in seconds.
+    ///    - `use_cache` - optionally set to false to force a new token request.
     ///
     /// # Notes
     ///
     ///    - If the application receives an authorization error when trying to use the resulting
     ///      token, it should call [`clear_access_token_cache`](FirefoxAccount::clear_access_token_cache)
     ///      before requesting a fresh token.
     #[handle_error(Error)]
-    pub fn get_access_token(&self, scope: &str, ttl: Option<i64>) -> ApiResult<AccessTokenInfo> {
-        // Signedness converstion for Kotlin compatibility :-/
-        let ttl = ttl.map(|ttl| u64::try_from(ttl).unwrap_or_default());
+    pub fn get_access_token(&self, scope: &str, use_cache: bool) -> ApiResult<AccessTokenInfo> {
         self.internal
             .lock()
-            .get_access_token(scope, ttl)?
+            .get_access_token(scope, use_cache)?
             .try_into()
     }