Handle Token Refresh
You can use refresh tokens to get new access tokens when they expire.
Access tokens normally have short expiration windows, so you'll want to use the refresh token to get new access tokens for users in your C# server.
Refresh Tokens in Auth Middleware
Use the Wristband SDK in your auth middleware to call the RefreshTokenIfExpired() function.
// AuthMiddleware.cs
public class AuthMiddleware
{
// Next delegate in the request pipeline; InvokeAsync calls it when it lets a request through.
private readonly RequestDelegate _next;

/// <summary>
/// Captures the next pipeline delegate so InvokeAsync can forward requests to it.
/// </summary>
/// <param name="next">The delegate that follows this middleware in the pipeline.</param>
public AuthMiddleware(RequestDelegate next)
{
    _next = next;
}
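/// <summary>
/// Guards endpoints carrying <see cref="RequireWristbandAuthAttribute"/>: rejects
/// unauthenticated requests with 401, refreshes the access token when needed,
/// re-issues the auth cookie, and then forwards the request down the pipeline.
/// </summary>
/// <param name="context">The current HTTP request context.</param>
/// <param name="wristbandAuth">Wristband SDK service used to refresh tokens.</param>
/// <returns>A task that completes when the request has been handled.</returns>
public async Task InvokeAsync(HttpContext context, IWristbandAuthService wristbandAuth)
{
    // Endpoints without the attribute are not protected by this middleware.
    if (context.GetEndpoint()?.Metadata.GetMetadata<RequireWristbandAuthAttribute>() == null)
    {
        await _next(context);
        return;
    }

    if (!await IsAuthenticated(context))
    {
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return;
    }

    /* ***** BEGIN TOKEN REFRESH LOGIC ***** */
    try
    {
        // A missing claim degrades to "" / 0 here; how the SDK treats those values is
        // not visible in this listing. TODO confirm it fails closed.
        var refreshToken = context.User.FindFirst("refreshToken")?.Value ?? string.Empty;
        var expiresAt = long.TryParse(context.User.FindFirst("expiresAt")?.Value, out var exp) ? exp : 0;
        var tokenData = await wristbandAuth.RefreshTokenIfExpired(refreshToken, expiresAt);

        // Update token claims if refresh was necessary
        var claims = context.User.Claims;
        if (tokenData != null)
        {
            // Drop the stale token claims before appending the fresh ones so the
            // principal never carries two values for the same claim type.
            var tokenClaimTypes = new[] { "accessToken", "refreshToken", "expiresAt" };
            claims = claims
                .Where(c => !tokenClaimTypes.Contains(c.Type))
                .Concat(new[]
                {
                    new Claim("accessToken", tokenData.AccessToken),
                    new Claim("refreshToken", tokenData.RefreshToken ?? string.Empty),
                    // ExpiresIn is multiplied by 1000 and added to a Unix-millisecond timestamp.
                    new Claim("expiresAt", $"{DateTimeOffset.Now.ToUnixTimeMilliseconds() + (tokenData.ExpiresIn * 1000)}")
                });
        }

        // Runs whether or not a refresh happened, so the cookie is re-issued on every
        // protected request (presumably to keep the session sliding; confirm).
        // The access and refresh tokens travel as claims inside this cookie; its
        // protection settings (Secure/HttpOnly/SameSite, lifetime) are configured
        // outside this listing and should be reviewed with that in mind.
        await context.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme)),
            new AuthenticationProperties { IsPersistent = true });
    }
    catch (Exception)
    {
        // Any failure while refreshing or re-issuing the cookie is answered with 401.
        // Log the failure here for detection purposes, but never log the token values.
        // NOTE(review): the existing session cookie is left in place, so the next
        // request will attempt the refresh again; consider signing the user out.
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return;
    }
    /* ***** END TOKEN REFRESH LOGIC ***** */

    // Called outside the try block so that exceptions thrown by downstream
    // middleware or the endpoint propagate normally instead of being swallowed
    // and reported to the client as an authentication failure.
    await _next(context);
}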
...
}