This project has moved and is read-only. For the latest updates, please go here.

Refresh the access token from within OWIN pipeline?

Aug 13, 2014 at 6:41 PM
Edited Aug 13, 2014 at 6:43 PM
Hi all I have a web app that currently gets new access tokens from refresh tokens and the logic is outside of the owin pipeline and storing the tokens (refresh and cache) in a custom cookie. I would like to move all the token handling logic to the OWIN pipeline

Can anyone show me an example of how to get a new access tokens using refresh tokens from within the OWIN pipeline? Ideally storing the tokens in the authentication ticket in order to reuse the auth cookie?

I believe the pattern would be app.Use((context, next) => { ... return net();} where I would get the stored tokens and get new ones if expired then storing them again in the cookie, all that would happen within the OWIN pipeline before the request is sent to my aspx page.
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
 {
   ClientId = ClientId,
   Authority = CommonAuthEndpoint,
   Notifications = new OpenIdConnectAuthenticationNotifications()
     {
       AuthorizationCodeReceived = (context) =>
         {
           // call authContext.AcquireTokenByAuthorizationCode
           // TODO: store access token and refresh token in context.AuthenticationTicket ?
           // TODO: handle getting new access tokens from refresh tokens in OWIN pipeline ?
Aug 20, 2014 at 9:54 PM
Sounds like you're on the right track. You can store the data as claims on the identity (in the ticket). When your refresh middleware runs it can update those claims and call IOwinContext.Authentication.SignIn preserve the changes.
Aug 21, 2014 at 3:24 AM
Thank you for the response, I am actually looking for actual Source Code Sample as well as guidance to "best patterns and practices" when it comes to token handling in OWIN.

Also Calling a method "SignIn" to save the new added claims or the new data stored in the ticket, is not a very obvious or good API pattern design. Why would I call "SignIn" again? the user was already signed in, in my case I would be getting a new AccessToken before the current one expires. Can you guys add a new method with a better name? like SaveContextInCookie, or UpdateContextInCookie, UpdateAuthTicket, SaveAuthTicket, etc?

In any case I am fine calling "SignIn" (for now) in order to save the new token, but can you guys provide some simple code samples?
Aug 21, 2014 at 4:57 AM
These folks may be able to walk you through it: https://jabbr.net/#/rooms/owin