Update default token refresh rate (#2617)

* Update token refresh rate to new defaults.

* Update tests.

Author: rosalyntan

appcheck/firebase-appcheck/src/main/java/com/google/firebase/appcheck/internal/DefaultAppCheckToken.java

@@ -96,12 +96,10 @@ public long getExpireTimeMillis() {
     return receivedAtTimestamp + expiresInMillis;
   }
 
-  @VisibleForTesting
   long getReceivedAtTimestamp() {
     return receivedAtTimestamp;
   }
 
-  @VisibleForTesting
   long getExpiresInMillis() {
     return expiresInMillis;
   }

appcheck/firebase-appcheck/src/main/java/com/google/firebase/appcheck/internal/TokenRefreshManager.java

@@ -29,7 +29,8 @@
 public final class TokenRefreshManager {
 
   private static final long REFRESH_BUFFER_ABSOLUTE_MILLIS = 60 * 1000; // 60 seconds
-  private static final double REFRESH_BUFFER_FRACTION = 0.9;
+  private static final double REFRESH_BUFFER_FRACTION = 0.5;
+  private static final long FIVE_MINUTES_IN_MILLIS = 5 * 60 * 1000;
   private static final long UNSET_REFRESH_TIME = -1;
 
   private final DefaultTokenRefresher tokenRefresher;
@@ -84,13 +85,16 @@ public void maybeScheduleTokenRefresh(@NonNull AppCheckToken token) {
       defaultToken = DefaultAppCheckToken.constructFromRawToken(token.getToken());
     }
 
-    // The next refresh time is either receivedAt + 0.9*expiresIn or 60 seconds before expiration,
-    // whichever is earlier.
+    // The next refresh time is receivedAt + 0.5*expiresIn + 5 minutes.
     nextRefreshTimeMillis =
-        Math.min(
-            defaultToken.getReceivedAtTimestamp()
-                + (long) (REFRESH_BUFFER_FRACTION * defaultToken.getExpiresInMillis()),
-            defaultToken.getExpireTimeMillis() - REFRESH_BUFFER_ABSOLUTE_MILLIS);
+        defaultToken.getReceivedAtTimestamp()
+            + (long) (REFRESH_BUFFER_FRACTION * defaultToken.getExpiresInMillis())
+            + FIVE_MINUTES_IN_MILLIS;
+    if (nextRefreshTimeMillis > defaultToken.getExpireTimeMillis()) {
+      // This shouldn't happen, as the minimum allowed TTL should be at least 15 minutes, but adding
+      // this check to be safe.
+      nextRefreshTimeMillis = defaultToken.getExpireTimeMillis() - REFRESH_BUFFER_ABSOLUTE_MILLIS;
+    }
     if (shouldScheduleRefresh()) {
       tokenRefresher.scheduleRefresh(nextRefreshTimeMillis - clock.currentTimeMillis());
     }

appcheck/firebase-appcheck/src/test/java/com/google/firebase/appcheck/internal/TokenRefreshManagerTest.java

@@ -36,7 +36,7 @@ public class TokenRefreshManagerTest {
   private static final String TOKEN_PAYLOAD = "tokenPayload";
   private static final long EXPIRES_IN_ONE_HOUR_MILLIS = 60L * 60L * 1000L;
   private static final long EXPIRE_IN_THREE_MINUTES_MILLIS = 3L * 60L * 1000L;
-  private static final long NINE_TENTHS_HOUR_MILLIS = 3240000L; // 0.9 * 1 hour
+  private static final long THIRTY_FIVE_MINUTES_MILLIS = 35L * 60L * 1000L;
   private static final long TWO_MINUTES_MILLIS = 2L * 60L * 1000L;
   private static final long CURRENT_TIME_MILLIS = 1000L;
 
@@ -73,11 +73,14 @@ public void maybeScheduleTokenRefresh_useExpirationTimeFractionBuffer() {
     tokenRefreshManager.onListenerCountChanged(/* newListenerCount= */ 1);
     tokenRefreshManager.maybeScheduleTokenRefresh(expiresInOneHourToken);
 
-    verify(mockTokenRefresher).scheduleRefresh(NINE_TENTHS_HOUR_MILLIS);
+    verify(mockTokenRefresher).scheduleRefresh(THIRTY_FIVE_MINUTES_MILLIS);
   }
 
   @Test
   public void maybeScheduleTokenRefresh_useExpirationTimeAbsoluteBuffer() {
+    // This should not occur, as the minimum TTL should be at least 15 minutes, but this test case
+    // checks to make sure that in the case we receive a shorter-than-expected TTL from the backend,
+    // we handle it gracefully.
     DefaultAppCheckToken expiresInThreeMinutesToken =
         new DefaultAppCheckToken(
             TOKEN_PAYLOAD, EXPIRE_IN_THREE_MINUTES_MILLIS, mockClock.currentTimeMillis());