Auth0 Java SDK - Refreshing Management API Token

krisnik · November 7, 2022, 4:05pm

Is there a recommended way of handling Management API token refresh?

In my mind there are three ways…

Handle the API exception, refresh token and re-run the request.
Store tokenExpiresAt and refresh the token when managementAPI instance is required. Something in the lines of

public ManagementAPI getManagementAPI() {

    if (currentTime > tokenExpiresAt) {
        refreshToken();
        managementApi.setApiToken("new token");
    }

    return managementApi;
}

Have a background thread that refreshes the token at defined periodicity.

All three options have some level of drawbacks.

For 1, retries should be handled at each Auth0 call. the code becomes repetitive.
In 2, we cannot let callers cache managementAPI object. They should always use getManagementAPI().
In case of 3, additional handling is required to ensure that the background thread is re-created if it crashes for any reason.

Please share your suggestions and thoughts.

dan.woda · November 8, 2022, 5:01pm

Hi @krisnik,

Welcome to the Auth0 Community!

I’m a bit surprised the library doesn’t handle this automatically. It may be worth submitting an issue in the GH repo and see if this is a bug.

For now, I would suggest either inspecting the exp (Expiration Time) claim, or refreshing when you receive the error.

krisnik · November 16, 2022, 9:50am

Thanks for the response. Have created - Auto-refresh of API Token for Management APIs · Issue #473 · auth0/auth0-java · GitHub

dan.woda · November 16, 2022, 4:26pm

Thank you! Let us know if you have any other questions.

system · November 30, 2022, 4:26pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.