when you say "modified oauth" - what type of flow is it?
MrNiamh
03/31/2021, 1:28 PM
same flow, but headers are slightly different when requesting the token:
• grant_type = tenant_client_credentials
• additional header called tenant_id
also, out of curiosity, what would the answer be if it was just the standard client credentials?
dave
03/31/2021, 1:31 PM
for refresh, you can do it with a simple filter which wraps the http handler, or a cached store (Caffeine) with a background refresh happening on a thread.
so is the original "getting" of the credentials also on the serverside?
MrNiamh
03/31/2021, 1:38 PM
Okay sweet, I'll have a go at that, thanks
Yeah (if I'm understanding you correctly) so it's roughly:
• Application starts
• We get the token
• Some time passes and something happens in the application
• Application calls the third party, might need to refresh the token before doing so
dave
03/31/2021, 1:46 PM
I'd probably create a little service class which is responsible for supplying and refreshing the token (on a background thread) and then a Filter which gets and applies the token to the outgoing request
MrNiamh
03/31/2021, 1:51 PM
Sounds like a plan, cheers!
fredrik.nordin
04/01/2021, 8:37 AM
This was exactly the strategy we used in the past for handling this scenario. It works well and it's easy to handle any error scenarios too.