I have a web API that uses OWIN Authentication in my ASP.NET WebAPI and I need to implement refresh tokens.
When users log in, the API sends an Access_Token, Expiry_Date (3 mins) and Refresh_token to the client.
Then the tokens are saved in the client localStorage.
I know that the use of the refresh_token is to get a new access_token if the access_token is expired.
Now my problem is: when to do this?
Do I need to check if the client still has a valid/un-expired access_token EVERY TIME I request data from the Web API? And if the access_token is expired, I need to request a new access_token, right?
For example:
- Client (mobile hybrid app) requests data from api/orders (Web API).
- The client detects that the access_token he uses is expired, based on the Expiry_Date that was saved in the localStorage.
- I need to "STOP" the request, get a new access_token using the refresh_token, and then request api/orders again.

Basically doing THREE requests simultaneously? Seems to me a bit inefficient.
Or get the user to log in again? I mean, every 3 minutes the user needs to log in? Which defeats the purpose of this.
Any idea how to handle it?
In the sample ajax request below, does anyone have an idea how to handle this?
    $.ajax({
        type: 'GET',
        url: WEB_API_URL,
        data: data,
        dataType: 'json',
        beforeSend: function(xhr) {
            // need to check if the accessToken is expired
            xhr.setRequestHeader("Authorization", "Bearer " + accessToken);
        },
    });
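One common way to handle the flow asked about above, as an added example that is not part of the original post: check the stored expiry before each call, refresh only when needed, share a single refresh between concurrent requests, and retry once if the server still answers 401. The names `createTokenClient`, `refreshFn`, `sendFn` and `SKEW_MS` are hypothetical; `refreshFn` and `sendFn` stand in for the app's own calls to the token endpoint and to `api/orders`.

```javascript
// Added example; all names here are hypothetical, not part of OWIN or jQuery.
const SKEW_MS = 30 * 1000; // refresh a little early to absorb clock drift and latency

// True when the access token is expired or will expire within the skew window.
function isExpired(expiresAt, now, skewMs = SKEW_MS) {
  return now >= expiresAt - skewMs;
}

// tokens:    { accessToken, refreshToken, expiresAt } as loaded from client storage
// refreshFn: (refreshToken) => Promise<new tokens>   (assumed call to the token endpoint)
// sendFn:    (url, accessToken) => Promise<{status}> (assumed call to the Web API)
function createTokenClient({ tokens, refreshFn, sendFn, now = Date.now }) {
  let inFlight = null; // shared promise: concurrent callers wait on ONE refresh

  function refresh() {
    if (!inFlight) {
      inFlight = refreshFn(tokens.refreshToken)
        .then((fresh) => { tokens = fresh; return fresh; })
        .finally(() => { inFlight = null; });
    }
    return inFlight; // a rejection here means the refresh token is no longer valid: log in again
  }

  async function request(url) {
    // Cheap local check first: no extra round trip while the token is still valid.
    if (isExpired(tokens.expiresAt, now())) await refresh();

    const used = tokens.accessToken;
    let res = await sendFn(url, used);

    // The server is the authority on expiry and revocation, so handle 401 as well.
    if (res.status === 401) {
      // Skip the refresh if another request already replaced the token we used.
      if (tokens.accessToken === used) await refresh();
      res = await sendFn(url, tokens.accessToken); // retry exactly once
    }
    return res;
  }

  return { request, currentTokens: () => tokens };
}
```

With this shape a normal call costs one request, and an expired token costs one refresh plus the original request, however many calls were waiting on it.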