Hi all,
I was using OKHttp Authenticator earlier to update the expired tokens. When the API fails with 401, I make a synchronous call to refresh the token. when the token is refreshed, I update the header with new token and return the new request with new token attached.
Similar to Problem Solved 2: Access Token refresh with Okhttp Authenticator | by Sandeep Tengale | Medium
When I implemented AuthO, there is no way to fetch the access token synchronously.
I am using
credentialsManager.getCredentials(new BaseCallback<Credentials, CredentialsManagerException>() {
onSuccess(Credentials cred){
}
onFailure(){
}
}
which is asynchronous. The authenticator needs to be synchronous as it needs to return a request.
This is my authenticator:
synchronized Request authenticate(@Nullable Route route, @NonNull Response response) {
Objects.requireNonNull(response, "Response");
if(retries++ <= 0)
lockManager.refreshToken(credentials -> {
if(credentials.getAccessToken() != null){
Log.d(TAG, "authenticate: token updated "+credentials.getAccessToken());
sessionContext.setAccessToken(credentials.getAccessToken());
retries = 0;
}
if(credentials.getRefreshToken() != null){
sessionContext.setRefreshToken(credentials.getRefreshToken());
}
});
else if(retries > 5) {
Log.d(TAG, "authenticate: more than 5 tries giving up");
return null;
}
String authHeader = String.format("%s %s", AppConstants.APIHeaders.AUTHORIZATION_VALUE,
sessionContext.getAccessToken());
Request request = response.request().newBuilder()
.header(AppConstants.APIHeaders.AUTHORIZATION, authHeader)
.build();
return request;
}
}
Here I am just retrying the request 5 times before giving up which seems like a hack to me. Is there a change listener which I can attach to the credential manager to get updates of the token changes??
I went through all the examples I could find, but in everything, the API call is being made after fetching the access token.
Please let me know the right way to do the access token refresh issue when I receive a 401 response.
FYI I already went through this:
https://auth0.com/docs/architecture-scenarios/mobile-api/mobile-implementation-android