auth0/auth0-java

Auto-refresh of API Token for Management APIs

krisnik opened this issue · 7 comments

Describe the problem you'd like to have solved

Continuing from Auth0 Java SDK - Refreshing Management API Token

Describe the ideal solution

The SDK should internally handle the Management API token and refresh it when required.

Alternatives and current work-arounds

  1. Handle the API exception, refresh token and re-run the request.
  2. Store tokenExpiresAt and refresh the token when managementAPI instance is required. Something along the lines of:

     ```java
     public ManagementAPI getManagementAPI() {

         if (currentTime > tokenExpiresAt) {
             refreshToken();
             managementApi.setApiToken("new token");
         }

         return managementApi;
     }
     ```
  3. Have a background thread that refreshes the token at defined periodicity.

All three workarounds have their own set of challenges. So, it would be ideal if the SDK handles the token renewal.

Additional information, if any

Thanks for raising @krisnik! We are looking into if this is something we can add to v2, will follow-up when we know more.

I'm curious if you could expand on the challenges of option 2) you listed above? Wondering if there are additional challenges beyond the increased verbosity of needing to always call getManagementAPI() before every API call.

@jimmyjames - Any tentative timelines you have for v2 availability?

I cannot enforce "getManagementAPI()" in the code via some rules. So, if someone caches the object - ManagementAPI mgmtAPI in their class and initializes it only once, the client will get expired in the next 24 hours, unless some other thread updates the token via another getManagementAPI() call.

These will be hard to test / identify as the token may / may not get refreshed.

Thanks @krisnik!

v2 is scheduled for a beta in early 2023, with a GA release to follow shortly.

If you have thoughts or would like to try out our solution in #479, please chime in there - thanks! 🚀

Closing this for now, as we've added a stub TokenProvider in v2 beta that we can provide sync and async implementations for in the future.

@jimmyjames any update on the TokenProvider for v2?

Does lib support auto-refresh?

Hi @jimmyjames

I see that the TokenProvider interface was added in v2, however am I right in thinking that the auto refreshing implementation is not added yet? The Builder class hard codes this to SimpleTokenProvider and there is no way to override it.

Is this something that is currently being worked on, or could you point me to an up-to-date workaround?
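An added example, not code from this thread or from the auth0-java project: a thread-safe version of workaround 2 that renews the token a fixed leeway before expiry, so concurrent callers never trigger duplicate refreshes or receive a token about to lapse. `RefreshingTokenSource`, `Token` and the `fetcher` supplier are hypothetical names; the fetcher is assumed to perform the actual token request, and the returned value would be passed to `setApiToken` before each Management API call.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;

/** Hypothetical helper (not part of auth0-java): caches a bearer token and renews it before expiry. */
public final class RefreshingTokenSource {
    public record Token(String value, Instant expiresAt) {}

    private final Supplier<Token> fetcher;  // assumption: performs the real token request
    private final Duration leeway;          // renew this long before the real expiry
    private final Clock clock;
    private volatile Token current;         // volatile: readers always see a fully built Token

    public RefreshingTokenSource(Supplier<Token> fetcher, Duration leeway, Clock clock) {
        this.fetcher = fetcher;
        this.leeway = leeway;
        this.clock = clock;
    }

    /** Call on every request; never store the returned string in a long-lived field. */
    public String get() {
        Token t = current;
        if (isFresh(t)) return t.value();   // fast path, no lock taken
        synchronized (this) {
            t = current;
            if (!isFresh(t)) {              // re-check: another thread may have refreshed already
                t = fetcher.get();
                if (!isFresh(t)) throw new IllegalStateException("token endpoint returned an unusable token");
                current = t;                // publish only after validation; the value is never logged
            }
            return t.value();
        }
    }

    private boolean isFresh(Token t) {
        return t != null && clock.instant().isBefore(t.expiresAt().minus(leeway));
    }

    public static void main(String[] args) {
        // Constructed sample: a fake fetcher that issues 24-hour tokens and counts its calls.
        int[] calls = {0};
        Clock clock = Clock.systemUTC();
        RefreshingTokenSource src = new RefreshingTokenSource(
            () -> new Token("token-" + (++calls[0]), clock.instant().plus(Duration.ofHours(24))),
            Duration.ofMinutes(5), clock);
        System.out.println(src.get() + " " + src.get() + " fetches=" + calls[0]);
    }
}
```

Injecting the `Clock` lets a test advance time past the expiry to exercise the refresh path, which addresses the "hard to test" concern raised earlier in the thread.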