Token create method in AccessTokenDataBinderImpl[1] is not thread safe. This could result in several problems including
- Exist 2 different access token for a particular user at a given time which may result in an exception thrown by method call[2] since it expects a single token a given user.
In addition to that token replace is implemented as a combination of 2 different functionalities. Since the method is not thread safe this may cause some unexpected behaviors (since there can be 2 tokens exist for a particular user. same scenario as above).
- links to