I have a Blazor WASM application that has an HTTP client set up with a CustomAuthorizationMessageHandler.

    builder.Services.AddScoped<CustomAuthorizationMessageHandler>();
    builder.Services.AddHttpClient<MyHttpClient>(...)
        .AddHttpMessageHandler<CustomAuthorizationMessageHandler>();

    class CustomAuthorizationMessageHandler : AuthorizationMessageHandler
    {
        //...
    }

And my backend API server has a reference to the Auth0 Management API that can update a user's metadata.
My Blazor WASM app will make a call to the backend API server that will update the user's metadata, which will be reflected in the user's tokens. I want to take advantage of the refresh tokens to re-request the ID and refresh tokens again without logging out the user.
How do I refresh the tokens in the HTTP client only after making the backend API call that updates the user tokens?
It is a conscious decision that I only want to refresh tokens when needed and not for every HTTP call.
What is the best practice to do it?
asked Mar 11 at 9:56 by Bowen, edited Mar 12 at 9:45

1 Answer
It should be sufficient to call RequestAccessToken as in the SendAsync method.
Here's an example:

    using System.Net.Http.Headers;
    using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
    using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;

    public class CustomAuthorizationHeaderHandler : DelegatingHandler
    {
        private readonly IAccessTokenProviderAccessor _accessor;

        public CustomAuthorizationHeaderHandler(IAccessTokenProviderAccessor accessor)
        {
            _accessor = accessor ?? throw new ArgumentNullException(nameof(accessor));
        }

        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // Ask the token provider for the current access token on each request.
            var accessTokenResult = await _accessor.TokenProvider.RequestAccessToken();

            // Attach the bearer header only when a non-empty token was obtained.
            if (accessTokenResult.TryGetToken(out var accessToken) && !string.IsNullOrWhiteSpace(accessToken.Value))
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken.Value);

            return await base.SendAsync(request, cancellationToken);
        }
    }

Comments summary edit:
There's no built-in way to refresh the token after a specific request unless it has already expired; in that case, RequestAccessToken triggers a refresh. If claims have changed and you need to ensure updated user data, the only reliable approach is forcing reauthentication (navigating to the login page). It might be worth raising a GitHub issue for the Blazor team, as there's currently no best practice for this scenario.
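
The re-authentication approach from the comments summary, gated so it runs only after the metadata update and only when the client's claims are stale, as an added example that is not part of the original question or answer. It assumes .NET 7 or later (for NavigateToLogin); the endpoint path, the claim type and the UpdatePlanAsync method are hypothetical, and "authentication/login" is the default template route.

```csharp
using System.Net.Http.Json;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;

// Hypothetical typed client: endpoint path, claim type and login path are assumptions.
public class MyHttpClient
{
    private const string MetadataClaim = "https://example.com/plan"; // assumed custom claim
    private const string LoginPath = "authentication/login";         // default template route

    private readonly HttpClient _http;
    private readonly AuthenticationStateProvider _authState;
    private readonly NavigationManager _navigation;

    public MyHttpClient(HttpClient http, AuthenticationStateProvider authState, NavigationManager navigation)
    {
        _http = http;
        _authState = authState;
        _navigation = navigation;
    }

    // Updates the metadata on the backend, then re-authenticates only if the
    // claims held by the client no longer match what was just written.
    public async Task UpdatePlanAsync(string newPlan, CancellationToken ct = default)
    {
        var response = await _http.PostAsJsonAsync("api/user/metadata", new { plan = newPlan }, ct);
        response.EnsureSuccessStatusCode(); // never re-authenticate on a failed update

        var state = await _authState.GetAuthenticationStateAsync();
        var current = state.User.FindFirst(MetadataClaim)?.Value;
        if (string.Equals(current, newPlan, StringComparison.Ordinal))
            return; // tokens already reflect the change

        // Stale claims: send the user through the login flow and return to this page.
        _navigation.NavigateToLogin(LoginPath, new InteractiveRequestOptions
        {
            Interaction = InteractionType.SignIn,
            ReturnUrl = _navigation.Uri
        });
    }
}
```

The claim comparison here only decides whether the client needs fresh tokens; the backend API still has to authorize each request from the token it validates, not from what the client believes its claims are.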