❔ ASP.NET Core - How to handle external authentication access tokens?
Hi all, ASP.NET Core beginner here.
Where do I put external authentication access tokens after I have retrieved them? Does anyone have any links to documentation that explains how to do this well? I'm struggling to find any good documentation for beginners.
I'm working on a Controller that needs to make HTTP requests to an external REST API. I'm able to make requests to the external API to get access tokens using a client ID/secret. I can also then use those access tokens to make requests to the external API.
My problem now is I don't know how I'm supposed to securely store them and how I can properly re-use them without needing to request a new token every time I make a request.
21 Replies
You'd likely store it in application memory, perhaps in some kind of cache system to help with renewal
assuming this token isnt related to a specific user in your system that is
It's not related to a specific user. I'm trying to utilize the Client Credentials flow
sure
Would you have any examples of a cache system design I could use for "inspiration"? Or are there any NuGet packages that handle this so I don't need to reinvent the wheel?
IMemoryCache should be enough
it supports expiration and
GetOrCreate
if the external auth system supports renewal tokens, you might need to write your own or find a nuget
since that makes it slightly more complicatedYeah, it does support renewal tokens... :/
Unknown User•15mo ago
Message Not Public
Sign In & Join Server To View
Yeah, that would make sense
Is it OK if I ask a few follow-up questions to confirm my understanding of your explanation? (I'm still very new to ASP.NET Core and Dependency Injection in general, so I may ask some silly questions)
of course
keep using this thread.
here is a basic boilerplate implementation of the factory
you might want to add locks and stuff here
From what I understand:
1. I need to create a Token Factory to handle specific functionalities like retrieving new tokens and returning it, or returning existing tokens that haven't expired, or renewing an existing token
2. I then make an HttpMessageHandler that injects the token factory. That HttpMessageHandler will make requests to the external API and will use methods from the token factory whenever a token is needed?
3. I use that HttpMessageHandler in my Controller whenever I need to make calls to the external API?
since if this is used from a webapi, you might get several requests hitting this while its trying to renew/get a token.
Is that somewhat correct?
Thank you, this is very useful
1 and 2 are correct
3 should be " I use that typed HttpClient that uses that HttpMessageHandler ..."
Look into
IHttpClientFactory if you haven't already, especially "Typed http clients"Make HTTP requests using IHttpClientFactory in ASP.NET Core
Learn about using the IHttpClientFactory interface to manage logical HttpClient instances in ASP.NET Core.
Okay, great. Thank you both. This is all very helpful
Last question: do you both have any recommendations for any good courses for ASP.NET Core? I'm a newly grad with very limited experience in Java Spring, so I can make some connections, but overall it's new to me and I'd love to take the time to learn the in's and out's of this. I'm open to Udemy course recommendations, textbook recommendations, etc
Nope, sorry.
The downside of already knowing it is I can't recommend ways to learn it 😛
No worries lol. Thank you both again
Its worth mentioning that none of this (TokenFactory, typed httpclient, HttpClientFactory etc) is related to ASP.NET as such
its just general .NET 🙂
Unknown User•15mo ago
Message Not Public
Sign In & Join Server To View
Yeah, true. TokenFactory would be an entirely custom class.
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.