protected async Task SetAuthHeader(HttpRequestMessage request)
{
if (Auth0TokenProvider != null)
{
// The auth0 client id is already known, so we can directly use the token from the token provider.
if (!string.IsNullOrWhiteSpace(Auth0ClientId))
{
request.Headers.Authorization = await Auth0TokenProvider.GetAuthHeaderForClientAsync(Auth0ClientId);
}
// Maybe we already have a token for the host – then use it.
// If the host requires auth0 we’ll be noticed during 1st retry and can then extract the auth0 client id from the www-authentication header and use it for consecutive invocations.
else
{
var auth0Header = await Auth0TokenProvider.GetAuthHeaderForDomainAsync(request.RequestUri.Host);
if (auth0Header != null)
{
request.Headers.Authorization = auth0Header;
}
}
}
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
await SetAuthHeader(request);
HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
if (response.IsSuccessStatusCode)
{
return(response);
}
//retry in case of an expired token
if (response.StatusCode == HttpStatusCode.Unauthorized && Auth0TokenProvider != null)
{
Logger.LogWarning($"Unauthorized invocation of REST service at {request.RequestUri}. Trying to get a new auth0 token.");
// Either the auth0 token expired or we have a domain where we do not know the client id in advance.
request.Headers.Authorization = await Auth0TokenProvider.GetAuthHeaderForClientAsync(response, true, Auth0ClientId);
response = await base.SendAsync(request, cancellationToken);
}
return(response);
}