Token Sharing between multiple concurrent requests C#
I have an application (A) where multiple users can login via. username and password and receive a token for upcomning requests. If their token expires they can get a new one. This all works fine. Now the problem is that sometimes App (A) needs to access App (B) via. an API-call that also in itself requires a (separate) token. The call(s) from A to B needs to use the same token regardless of which client makes the call. In other words - app B does not need to know which client makes a call, it just sees every call as coming for app A.
My issue here comes with generating and refreshing TokenB in a threadsafe manner. Let's say TokenB has expired and C1,C2,C3 all makes a call at exactly the same time. Of course only one new token should be generated.
I figure this is a quite common obstacle, but I can't really find any guides on this specific topic of thread-safe token (re)generation.
App A is written in C# btw. Not that it matters for the issue, but perhaps Microsoft has a solution for this.
Good question and it is tricky to deal with token refresh in OAuth clients. There are two common techniques. I prefer the second of these since it is more reliable, but it requires trickier code:
- App A refreshes TokenB periodically on a background timer thread, in an effort to prevent 401s
- App A handles 401s, via a token refresh then retrying the request to App B
SYNCHRONIZING TOKEN REFRESH
A common technique can be to make the client code look simple from the outside:
var data = await myApiClient.getData();
But somewhere in the implementation you use a collection of callbacks when a token refresh is necessary. The first of these makes the actual refresh call, and when it completes it resolves all other callbacks with the same result.
EXAMPLE CODE
Here is some TypeScript code that handles concurrent in-flight token refresh. In C# you could do an equivalent thing with tasks, and your callback handling would need to be thread safe:
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- Avoiding strcpy overflow destination warning
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended
- How to refactor repetition inside a Makefile?
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- Handling HTTP Headers in a Minimal C HTTP Server