Scenario:
When the request token expires and multiple requests happen from different service instances, that all request a new request token via the remote HTTP call, at the same time, the latter request token will make the former request token invalid. Because each request to get a new token will make the previous one invalid. The service to generate request token is a third party one, we can't change it.
Questions:
Our application architecture is microservice based, each service will have multiple instances, how can I reuse the request token between each service?(maybe store it in an external Redis is an option)
During the service starting up, how can we make sure only one refresh token request sent to the third party service?
Afterwards, when the request token expires, how can we renew it?
Tech Stack:
Following is an option that you can consider
Create a new MicroService for Token Management. All MicroServices will access the third Party Auth Component through this Service
In the Token Management Service, you create a Spring Singleton bean which would be automatically initialized when this services starts (@Autowired)
Inside this bean, you can have the logic for invoking the third party API
Based on your requirement, you can decide if a caching Service like Redis/memcache is needed or a RDBMS table would do
In this token Management service, when you get the token expired response from the third party API, you can have logic for renewing the token