Asp.NET Web API - Multiple requests during access token refreshing - Unauthorized 401

Asked Aug 15 '17 at 14:36

Active Aug 15 '17 at 14:36

Viewed 390 times

I have an application that makes multiple requests to an API to render parts of the page.

When the user's access token expires the first request sends the refresh token, gets the new access token and updates the cookie storing it, but as the requests are async, sometimes before updating the cookie the other requests send the old, now invalid token, so the API returns 401 Unauthorized.

How should I handle this? Is there a way to make the other requests wait for the access token to refresh?

asked Aug 15 '17 at 14:36

Mr. Mister

1

Just thinking off the cuff you could have the client retry x amount of time with a staggered delay when a 401 is returned or something like that – Nkosi Aug 15 '17 at 14:56
What do you use at the front end. javascript could provide an answer here – Michael Beuving Aug 15 '17 at 15:07
@MichaelTralala for security reasons we won't let javascript access the cookie, it is accessed only in the backend. – Mr. Mister Aug 15 '17 at 15:19
1

Then i'd go with Nkosi's solution, write a function that reads the response code and as soon as its 401 wait x time and send again, untill 200 comes through – Michael Beuving Aug 15 '17 at 15:24
Can you upd the question with code sample?? – Reedwanul Islam Aug 15 '17 at 17:43
It isn't possible, if you can help me with some example or solution somebody found, I'd appreciate. – Mr. Mister Aug 15 '17 at 20:04
Do you have access to the API's code? – Michael Beuving Aug 16 '17 at 07:17
1

@Nkosi we are going to try out your suggestion. I think it will work. – Mr. Mister Aug 16 '17 at 15:08

Asp.NET Web API - Multiple requests during access token refreshing - Unauthorized 401

0 Answers0