protected async Task SetAuthHeader(HttpRequestMessage request) { if (Auth0TokenProvider != null) { // The auth0 client id is already known, so we can directly use the token from the token provider. if (!string.IsNullOrWhiteSpace(Auth0ClientId)) { request.Headers.Authorization = await Auth0TokenProvider.GetAuthHeaderForClientAsync(Auth0ClientId); } // Maybe we already have a token for the host – then use it. // If the host requires auth0 we’ll be noticed during 1st retry and can then extract the auth0 client id from the www-authentication header and use it for consecutive invocations. else { var auth0Header = await Auth0TokenProvider.GetAuthHeaderForDomainAsync(request.RequestUri.Host); if (auth0Header != null) { request.Headers.Authorization = auth0Header; } } } }
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { await SetAuthHeader(request); HttpResponseMessage response = await base.SendAsync(request, cancellationToken); if (response.IsSuccessStatusCode) { return(response); } //retry in case of an expired token if (response.StatusCode == HttpStatusCode.Unauthorized && Auth0TokenProvider != null) { Logger.LogWarning($"Unauthorized invocation of REST service at {request.RequestUri}. Trying to get a new auth0 token."); // Either the auth0 token expired or we have a domain where we do not know the client id in advance. request.Headers.Authorization = await Auth0TokenProvider.GetAuthHeaderForClientAsync(response, true, Auth0ClientId); response = await base.SendAsync(request, cancellationToken); } return(response); }