std::string oauthScopesList(const Protobuf::RepeatedPtrField<std::string>& auth_scopes_protos) {

  std::vector<std::string> scopes;

  if (auth_scopes_protos.empty()) {

    scopes.emplace_back(DEFAULT_AUTH_SCOPE);

  } else {

    scopes.reserve(auth_scopes_protos.size());

    for (const auto& scope : auth_scopes_protos) {

      scopes.emplace_back(scope);

    }

  }

  return absl::StrJoin(scopes, " ");

}

        endpoint_params_protos) {

  std::map<std::string, std::string> params;

  for (const auto& param : endpoint_params_protos) {

    params[param.name()] = param.value();

  }

  return params;

}

    : secret_reader_(secret_reader), tls_(tls.allocateSlot()),

      client_id_(proto_config.client_credentials().client_id()),

      oauth_scopes_(oauthScopesList(proto_config.scopes())),

      endpoint_params_(endpointParamsMap(proto_config.endpoint_params())), dispatcher_(&dispatcher),

      stats_(generateStats(stats_prefix + "oauth2.", scope)),

          proto_config.token_fetch_retry_interval().seconds() > 0

              ? std::chrono::seconds(proto_config.token_fetch_retry_interval().seconds())

              : std::chrono::seconds(2)) {

  timer_ = dispatcher_->createTimer([this]() -> void { asyncGetAccessToken(); });

  ThreadLocalOauth2ClientCredentialsTokenSharedPtr empty(

      new ThreadLocalOauth2ClientCredentialsToken(""));

  tls_->set(

      [empty](Event::Dispatcher&) -> ThreadLocal::ThreadLocalObjectSharedPtr { return empty; });

  oauth2_client_ = std::make_unique<OAuth2ClientImpl>(cm, proto_config.token_endpoint());

  oauth2_client_->setCallbacks(*this);

  asyncGetAccessToken();

}

void TokenProvider::asyncGetAccessToken() {

  if (timer_->enabled()) {

    timer_->disableTimer();

  }

  if (secret_reader_->credential().empty()) {

    ENVOY_LOG(error, "asyncGetAccessToken: client secret is empty, retrying in {} seconds.",

              retry_interval_.count());

    timer_->enableTimer(std::chrono::seconds(retry_interval_));

    stats_.token_fetch_failed_on_client_secret_.inc();

    return;

  }

  auto result = oauth2_client_->asyncGetAccessToken(client_id_, secret_reader_->credential(),

                                                    oauth_scopes_, endpoint_params_);

  if (result == OAuth2Client::GetTokenResult::NotDispatchedAlreadyInFlight) {

  if (result == OAuth2Client::GetTokenResult::NotDispatchedClusterNotFound) {

    ENVOY_LOG(error, "asyncGetAccessToken: OAuth cluster not found. Retrying in {} seconds.",

              retry_interval_.count());

    timer_->enableTimer(std::chrono::seconds(retry_interval_));

    stats_.token_fetch_failed_on_cluster_not_found_.inc();

    return;

  }

  stats_.token_requested_.inc();

  ENVOY_LOG(debug, "asyncGetAccessToken: Dispatched OAuth request for access token.");

}

                                            std::chrono::seconds expires_in) {

  auto token = absl::StrCat("Bearer ", access_token);

  ThreadLocalOauth2ClientCredentialsTokenSharedPtr value(

      new ThreadLocalOauth2ClientCredentialsToken(token));

  tls_->set(

      [value](Event::Dispatcher&) -> ThreadLocal::ThreadLocalObjectSharedPtr { return value; });

  stats_.token_fetched_.inc();

  ENVOY_LOG(debug, "onGetAccessTokenSuccess: Token fetched successfully, expires in {} seconds.",

            expires_in.count());

  if (timer_->enabled()) {

    return;

  }

  timer_->enableTimer(expires_in / 2);

}

void TokenProvider::onGetAccessTokenFailure(FailureReason failure_reason) {

  ENVOY_LOG(error, "onGetAccessTokenFailure: Failed to get access token");

  bool retry = true;

  switch (failure_reason) {

  case FailureReason::StreamReset:

    stats_.token_fetch_failed_on_stream_reset_.inc();

    break;

  case FailureReason::BadToken:

    stats_.token_fetch_failed_on_bad_token_.inc();

    retry = false;

    break;

  case FailureReason::BadResponseCode:

    stats_.token_fetch_failed_on_bad_response_code_.inc();

    break;

  }

  if (!retry) {

    return;

  }

  if (timer_->enabled()) {

    return;

  }

  timer_->enableTimer(retry_interval_);

}

const std::string& TokenProvider::credential() const { return threadLocal().token(); }