4.11.2

(fix): Fix a thread-safety bug in the generated OAuth and inferred-auth token caches. OAuthTokenSupplier and InferredAuthTokenSupplier now use double-checked locking with volatile cache fields, so the token/header cache (a singleton shared across all request threads) is refreshed exactly once under concurrent load (single-flight) and cached values are safely published across threads. The cache-hit path stays lock-free. OAuthAuthProvider’s existing double-checked locking is corrected by marking its accessToken/expiresAt fields volatile. No public API changes; generated code remains Java 8 compatible.