Refresh token during http request in Blazor Interactive Server with OIDC (original) (raw)

Is there an existing issue for this?

In the Blazor Web App (Interactive server), the token refresh process occurs during the OnValidatePrincipal cookie event. This event is triggered if the access token is less than 5 minutes away from expiration. However, this event only executes during a complete page reload.

A potential issue arises when a user reloads the page 6 minutes prior to the access token's expiration. In this case, the OnValidatePrincipal event does not refresh the token. If the user continues to interact with the website without a full page reload, the token may expire after 6 minutes. Consequently, all subsequent API requests are rejected. The question is how to handle such a scenario.

Describe the solution you'd like

The common solution to this issue is to refresh the token during an HTTP request with a DelegatingHandler. However, in our scenario, we cannot override the cookie inside the DelegatingHandler. The expected behavior, therefore, is to be able to refresh tokens in the DelegatingHandler while storing them in cookies. If there's a way to override the cookie inside the DelegatingHandler that I'm not aware of, that could also be a potential solution.

Additional context

cc: @guardrex dotnet/blazor-samples#267
https://github.com/dotnet/blazor-samples/tree/main/8.0/BlazorWebAppOidc