Is there a recommended way of handling Management API token refresh?
In my mind there are three ways…
- Handle the API exception, refresh token and re-run the request.
- Store
tokenExpiresAt
and refresh the token whenmanagementAPI
instance is required. Something in the lines of
public ManagementAPI getManagementAPI() {
if (currentTime > tokenExpiresAt) {
refreshToken();
managementApi.setApiToken("new token");
}
return managementApi;
}
- Have a background thread that refreshes the token at defined periodicity.
All three options have some level of drawbacks.
For 1, retries should be handled at each Auth0 call. the code becomes repetitive.
In 2, we cannot let callers cache managementAPI object. They should always use getManagementAPI()
.
In case of 3, additional handling is required to ensure that the background thread is re-created if it crashes for any reason.
Please share your suggestions and thoughts.