given that we eventually want to share this thread pool, I wonder whether the default should be higher

I think 1 is fine. Most of the time, we'll have only 1 auth manager per JVM, and sometimes 2 (e.g. request signing + credential refreshing) – but realistically, I think we won't see more than 2 per JVM. Given that the typical usage of this executor is to schedule token refreshes every hour or so, 1 is probably fine (also: this is the core pool size, not the maximum pool size). Wdyt?

ah right, yeah ok I think 1 should be fine then

if we're deprecating this class, then I don't think we should be removing functionality here?

in fact I believe we should only be deprecating this here without updating the functionality (as that would be a breaking change). Once RefreshingAuthManager is removed, we can switch the OAuth2Manager to use the new auth refresh pool, but I don't think we can deprecate + switch within the same release

@nastra I don't mind doing the change in 2 steps, but in which case do you think this would be a breaking change? The API is not affected (and revapi didn't complain).

what if somebody else from the community is extending RefreshingAuthManager and relying on its functionality? We're effectively removing the "refresh" part, which is a breaking change in behavior, even though RevAPI wasn't complaining

What we can do though, is revert the changes to RefreshingAuthManager just in case someone is extending that class.

Sorry I commented before I saw your comment 😅 – I agree that's an issue.

What we can do though, is revert the changes to RefreshingAuthManager just in case someone is extending that class.

Yes that's what I was proposing in my earlier comment