Python OAuth sliding window drift causing 401s on WEM poller

Sliding window refresh logic drifts on the WEM adherence poller, causing 401s right before TTL expiry. JWT scope passes local checks but API returns 401 Unauthorized.

def refresh_token():
 if cache.get('token') and time.time() < expiry - SLIDING_BUFFER:
 return cache['token']
 resp = requests.post(TOKEN_ENDPOINT, data=REFRESH_PAYLOAD)
 if resp.status_code == 401:
 log_anomaly("INTROSPECTION_MISMATCH")
 return None

In-memory TTL store handles caching while CLIENT_SECRET comes from ENV_VARS. TOKEN_PROVIDER shares the session across SDKs. Sliding window math breaks after 4 hours. Token doesn’t renew. Cache drops the token early.