0

I'm trying to authenticate my UWP app with an ASP.NET Core web API which implemented IdentityServer4. (geant_type is Password) So on the app, I added the nuget IdentityModel 4.3.1 and wrote the following code to get the token and refresh token. Please note I used System.Net.Http.HttpClient here.

var policy = new DiscoveryPolicy();
        policy.ValidateIssuerName = false;
        
        var client = new HttpClient();
        
        DiscoveryDocumentResponse disco = await client.GetDiscoveryDocumentAsync(new DiscoveryDocumentRequest
        {
            Address = "https://maduranga-atrad.boardpac.local:8443/Auth.API",
            ClientSecret = "LTY0OTU1NzY3OTM0OTQ1NjE3NA",
            Policy = policy
        });
        
        TokenResponse token = await client.RequestPasswordTokenAsync(new PasswordTokenRequest()
        {
            UserName = "User786",
            Password = "Password@123",
            ClientId = "boardpac.main.uwp",
            ClientSecret = "LTY0OTU1NzY3OTM0OTQ1NjE3NA",
            GrantType = "password",
            Scope = "openid email offline_access main auth",
            Address = disco.TokenEndpoint,
            AuthorizationHeaderStyle = BasicAuthenticationHeaderStyle.Rfc6749
        });

        TokenResponse refresh = await client.RequestRefreshTokenAsync(new RefreshTokenRequest()
        {
            Address = disco.TokenEndpoint,
            RefreshToken = token.RefreshToken,
            ClientId = "boardpac.main.uwp",
            AuthorizationHeaderStyle = BasicAuthenticationHeaderStyle.Rfc6749,
            
        });

My problems are

  1. When to send the refresh token request? Do I have to manually handle the token expiration? (I need to wait till HttpClient returns HTTP error 401 and then initiate the token request. But what happens to all the subsequent requests? I have to queue all the requests and then retry, etc.. seems lots of work.)

  2. I saw one example where RefreshTokenHandler was set to the HttpClient (System.Net.Http.HttpClient) and it says the refreshing part was automatically handled. I use Windows.Web.Http HttpClient and I can't use RefreshTokenHandler. How do I use Windows.Web.Http HttpClient to automatically handle refresh token?

Thank you for your consideration.

SurenSaluka
  • 1,534
  • 3
  • 18
  • 36
  • You can use filters which is an equivalent to handlers - https://learn.microsoft.com/en-us/uwp/api/windows.web.http.filters?view=winrt-19041 – Razor Aug 31 '20 at 18:41
  • Could you please elaborate more about filters with a code sample? – SurenSaluka Sep 01 '20 at 17:14
  • 1
    There’s sample code already available in the above link – Razor Sep 02 '20 at 10:14
  • Hi, this is about adding custom headers. What I need is an automated way of the token refresh. In GitHub (https://github.com/IdentityModel/IdentityModel/pull/17), the owners of IdentityModel say it was not implemented yet. I would appreciate it if you can let me know a way of manually handle token expiration. – SurenSaluka Sep 08 '20 at 06:39

0 Answers0