3

I have an android app which uses the spring android library to communicate with my restful api. I'm not sure how to handle the scenario when the token for my client expires. What I'd like to to is to capture any 401 error and simply fetch a new token and retry the request.

I've created a ResponseErrorHandler and wired that up to my rest template:

public class UnauthorizedErrorHandler implements ResponseErrorHandler { 
    ....
    public void handleError(ClientHttpResponse response) throws IOException {
        if (response.getStatusCode().value() == HttpStatus.SC_UNAUTHORIZED) { // 401 error
            // fetch a new token

            // Retry request now that we have a new token???? 
        }
    }
}

My problem is that I have no access to the originating request in the Response error handler. Unless I'm missing something, this strategy seems reasonable, but I'm not sure how to make it work. This also seems like a typical scenario for any client that is working with OAuth tokens, so hopefully someone out there can point me in the right direction.

bmurmistro
  • 1,070
  • 1
  • 16
  • 35

1 Answers1

1

If the token has expired then you should ask the user to login again.

Think about a user removing your OAuth app access, your app will received an expired token or similar error, and you should have the user login and give your app access again.

If you are not referring to an OAuth token, but your own API, then your should create some sort of mechanism to update the token to be used by the client. For example, you can send a header with the new token on your response asking the user to start using the new value from that point onwards, or as part of the response body or a push notification requesting a token exchange, etc.

Robert Estivill
  • 12,369
  • 8
  • 43
  • 64
  • Robert, thanks for the response! Sorry I guess I should have been more clear, but I'm using refresh tokens so there isn't a need to re-authenticate unless the refresh token has expired as well. – bmurmistro Nov 26 '14 at 00:39