when you say "modified oauth" - what type of flow ...
# http4k
d
when you say "modified oauth" - what type of flow is it?
m
same flow, but headers are slightly different when requesting the token:
• grant_type = tenant_client_credentials
• additional header called tenant_id
also out of curiosity, what would the answer be if it was just the standard client credentials?
d
for refresh, you can do it with a simple filter which wraps the http handler, or a cached store (Caffeine) with a background refresh happening on a thread.
so is the original "getting" of the credentials also on the serverside?
m
Okay sweet i'll have a go at that, thanks
Yeah (if i'm understanding you correctly) so it's roughly:
• Application starts
• We get the token
• Some time passes and something happens in the application
• Application calls the third party, might need to refresh the token before doing so
d
I'd probably create a little service class which is responsible for supplying and refreshing the token (on a background thread) and then a Filter which gets and applies the token to the outgoing request
m
Sounds like a plan, cheers!
f
This was exactly the strategy we used in the past for handling this scenario. It works well and it's easy to handle any error scenarios too.