yes, i used the exact code of the article.
No, im not using any “using” statements.
For me it also make sens, because if i get a 401 as return the communication between client and server is over for this request.
I am now trying another option. Since I always query whether the user is currently authenticated when starting the app or switching the page (this is frequently), I also include the Access_Token_Expires_In and check whether it has expired or expires in less then five minutes. If so, I use the code of the article to update with the refresh token.
Can you briefly confirm that this process makes sense and has no security vulnerability?