Following the ASP.NET Core quick start, it shows how to request an access token to call an API. It then shows how to access the token, and check the expiration date of that token, demonstrated below.
What it does not show however-- what do you do if the token is expired? Should I create a new Authentication Client and request a new one from the refresh token? Or is there a different flow I should follow. This should be explained in this code snippet.
// Inside one of your controller actions
if (User.Identity.IsAuthenticated)
{
string accessToken = await HttpContext.GetTokenAsync(“access_token”);
// if you need to check the Access Token expiration time, use this value
// provided on the authorization response and stored.
// do not attempt to inspect/decode the access token
DateTime accessTokenExpiresAt = DateTime.Parse(
await HttpContext.GetTokenAsync("expires_at"),
CultureInfo.InvariantCulture,
DateTimeStyles.RoundtripKind);
string idToken = await HttpContext.GetTokenAsync("id_token");
// Now you can use them. For more info on when and how to use the
// Access Token and ID Token, see https://auth0.com/docs/tokens
}