I have an ASP.NET MVC-application which is storing a JWT-token and a refresh token from my Web API in Session. My question is what to do when the JWT-token expires and it is time to refresh it. As I see it my two options are:
1. Try to make a request to the Web API using the JWT-token and if it returns 401 Unauthorized, try refreshing the JWT-token.
2. Using a timer to automatically refresh the JWT-token before it expires.
What are the advantages of using either of these two methods, and how can I programmatically implement them in an easy way? For example, do I have to use a try and catch for every call to the API if I use option 1?
I decided to go with option 2 in order to minimize the number of calls to the API. I then created a base controller class with a HttpClient factory method, which also checks if the JWT is about to expire:
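    using System;
    using System.IdentityModel.Tokens.Jwt;
    using System.Net.Http;
    using System.Net.Http.Headers;

    // Base controller method: returns an HttpClient carrying a valid bearer token.
    public HttpClient GetHttpClient(string baseAdress)
    {
        var client = new HttpClient();
        client.BaseAddress = new Uri(baseAdress);
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        string token;
        if (Session["access_token"] != null)
        {
            // ReadToken only parses the JWT to read its expiry; it does not validate the signature.
            var jwthandler = new JwtSecurityTokenHandler();
            var jwttoken = jwthandler.ReadToken(Session["access_token"] as string);
            var expDate = jwttoken.ValidTo; // UTC

            // Refresh if the token expires within the next minute.
            if (expDate < DateTime.UtcNow.AddMinutes(1))
                token = GetAccessToken().Result;
            else
                token = Session["access_token"] as string;
        }
        else
        {
            // No token cached in Session yet.
            token = GetAccessToken().Result;
        }

        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
        Session["access_token"] = token;
        return client;
    }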
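Option 1 from the question can be handled in one place rather than with a try and catch around every call. The following is an added example, not part of the original post: a DelegatingHandler that attaches the token and, on a 401, refreshes once and retries once. The class name and the getToken/refreshToken delegates are assumptions; refreshToken is assumed to store and return the new token.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler (not from the original post).
// getToken:     returns the cached JWT, or null if none is stored.
// refreshToken: obtains a new JWT with the refresh token, stores it, returns it.
public class RefreshOn401Handler : DelegatingHandler
{
    private readonly Func<string> _getToken;
    private readonly Func<Task<string>> _refreshToken;

    public RefreshOn401Handler(Func<string> getToken,
                               Func<Task<string>> refreshToken,
                               HttpMessageHandler inner) : base(inner)
    {
        _getToken = getToken;
        _refreshToken = refreshToken;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        // First attempt with the cached token (or a fresh one if none is cached).
        string token = _getToken() ?? await _refreshToken().ConfigureAwait(false);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        var response = await base.SendAsync(request, ct).ConfigureAwait(false);

        if (response.StatusCode != HttpStatusCode.Unauthorized)
            return response;

        // 401: refresh exactly once and retry exactly once, so a rejected
        // refresh token cannot cause a retry loop. A second 401 is returned
        // to the caller, which should send the user back to login.
        // Replaying works for buffered bodies (StringContent, ByteArrayContent),
        // not for one-shot streams.
        response.Dispose();
        string fresh = await _refreshToken().ConfigureAwait(false);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", fresh);
        return await base.SendAsync(request, ct).ConfigureAwait(false);
    }
}

// Usage (delegates are placeholders for the Session lookup and GetAccessToken):
// var client = new HttpClient(new RefreshOn401Handler(
//     () => Session["access_token"] as string, GetAccessToken, new HttpClientHandler()));
```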