Yes, I’m aware we can just get another token that way.
Re-reading my question, I see that I wasn’t very clear about my concern.
I want to optimise the number of M2M tokens the application gets as much as possible and was wondering if there are any best practices on how to handle this.
I was thinking:
1. The application gets a request to call a protected API
2. It checks it has a cached token stored in memory (would a file be too dangerous?)
3. If a token exists, the token is decoded and we check the `exp` field to know if it’s expired (most JWT libraries will throw an exception if the token is expired).
4a. If the token hasn’t expired, cool, use it to call the protected API
4b. If the token has expired, request a new M2M token and cache it.
Does this sound like a reasonable approach to handle M2M token renewals to you? Or is there a documented approach somewhere to handle this common use case?
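
The flow described in this post, sketched as an added example (not part of the original post and not code from any SDK): an in-memory cache that reads `exp` from the cached JWT and requests a new M2M token only once it has expired. `M2MTokenCache`, `fetch_token`, the 60-second `leeway` and the fake issuer are assumptions made for illustration.

```python
import base64
import json
import threading
import time

def jwt_exp(token):
    """Read the exp claim from the JWT payload without verifying the signature.
    The client only uses it to schedule renewal; the API still validates the token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

class M2MTokenCache:
    def __init__(self, fetch_token, leeway=60, clock=time.time):
        self._fetch = fetch_token   # hypothetical callable that performs the token request
        self._leeway = leeway       # assumption: renew slightly early to absorb clock skew
        self._clock = clock
        self._lock = threading.Lock()  # one renewal at a time across threads
        self._token = None
        self._exp = 0

    def get(self):
        """Return the cached token, requesting a new one only if none is usable."""
        with self._lock:
            if self._token is None or self._clock() >= self._exp - self._leeway:
                self._token = self._fetch()
                self._exp = jwt_exp(self._token)
            return self._token

def make_fake_issuer(clock, lifetime=3600):
    """Constructed stand-in for the token endpoint: returns unsigned JWT-shaped
    strings and counts how many tokens were requested."""
    calls = {"n": 0}
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    def fetch():
        calls["n"] += 1
        claims = {"exp": int(clock()) + lifetime, "n": calls["n"]}
        return ".".join([b64({"alg": "none"}), b64(claims), "sig"])
    return fetch, calls

if __name__ == "__main__":
    fetch, calls = make_fake_issuer(time.time)
    cache = M2MTokenCache(fetch)
    for _ in range(5):
        cache.get()  # five API calls, one token request
    print("token requests:", calls["n"])
```
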