}
            return permissions;
        }

        @Override
        public boolean refresh() {
            // MSAL4J handles token refresh internally through silent authentication
            // Check if token is still valid by comparing absolute timestamps
            final long tokenExpiryTime = authResult.expiresOnDate().getTime(); // milliseconds since epoch

    /**
     * The role for this action.
     */
    public static final String ROLE = "admin-accesstoken";

    /**
     * The token parameter.
     */
    public static final String TOKEN = "token";

    /**
     * The expires parameter.
     */
    public static final String EXPIRES = "expires";

    /**
     * The expired time parameter.
     */

     * Gets the server path with access token for API requests.
     *
     * @return the complete server path including the access token
     * @throws FessSystemException if no access token is available
     */
    public String getServerPath() {
        return getSessionManager().getAttribute(Constants.SEARCH_ENGINE_API_ACCESS_TOKEN, String.class)
                .map(token -> ADMIN_SERVER + token)

    }

    /**
     * Gets the OpenID Connect token server URL.
     *
     * @return the token server URL
     */
    protected String getOicTokenServerUrl() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_TOKEN_SERVER_URL, "https://accounts.google.com/o/oauth2/token");
    }

    /**
     * Gets the OpenID Connect redirect URL.
     *

            throw new SsoLoginException("could not validate nonce", e);
        }
    }

    /**
     * Obtains an access token using a refresh token.
     * @param refreshToken The refresh token to use for token acquisition.
     * @return The authentication result containing the access token.
     */
    public IAuthenticationResult getAccessToken(final String refreshToken) {

                case 2:
                    segmentation = values[1];
                case 1:
                    token = values[0];
                default:
                    break;
                }

                id++;
                final KuromojiItem item = new KuromojiItem(id, token, segmentation, reading, pos);
                if (updater != null) {

/**
 * Exception thrown when SSO (Single Sign-On) login operations fail.
 *
 * This exception is used to indicate various SSO authentication failures
 * including configuration errors, authentication token validation failures,
 * communication issues with SSO providers, and other SSO-related problems.
 */
public class SsoLoginException extends FessSystemException {

    /** Serial version UID for serialization compatibility. */

 * of SSO authentication and authorization processes. It extends FessSystemException
 * to provide consistent error handling within the Fess system for SSO-related
 * processing failures such as token validation errors, communication failures
 * with SSO providers, or configuration issues.
 */
public class SsoProcessException extends FessSystemException {

    private static final long serialVersionUID = 1L;

        }
        return roleSet;
    }

    /**
     * Processes the access token.
     * @param request The HTTP request.
     * @param roleSet The set of roles.
     * @param isApiRequest Whether the request is an API request.
     * @return true if the access token is processed, false otherwise.
     */

                readingTokens = null;
            }

            try {
                for (int i = 0; i < tokens.size(); i++) {
                    final AnalyzeToken token = tokens.get(i);
                    final String word = token.getTerm();
                    if (StringUtil.isBlank(word)) {
                        continue;
                    }
                    final String[] words = { word };