Question

Http Response Interceptor

0

Our application is using a token for authorization for an API. Right now, upon receiving the token we save its expiration date time. Once that time is up, we request another one. We’d like to start requesting a new token once we get a response back from the API that says our token is expired. Ideally after receiving the 401 response, we’d refresh the token and then resend the original request. Does anyone know how we could do this by using an http request interceptor? Is there a way to cancel the request from within the interceptor? I haven’t seen an http response interceptor, otherwise I’d just use that. I understand that we accomplish this using a microflow but we don’t want the developers in our company to have to code a loop every time they make a rest call to this API.

asked 2020-07-23

Micah Weatherhead

3 answers

Mike Kumpf · Answer 1 · 2020-07-23

Micah,

The practice we try to follow is if the token expires, we store the token, expiration time and refresh token (if any) in the Mendix database. Then we create a microflow that developers can call to get a token that is current.

An example for an MSGraph integration: there is microflow called GetTokenForLoggedInUser, which looks like this:

This microflow doesn’t require any parameters. It checks to see if there is a token stored in the Mendix database for the current user. If not, it initiates the process of generating a token via (Microsoft’s flavor of) OAuth. If there is a token, it checks to see if the token is expired. If it is expired the token is refreshed.

Here is the expiration decision:

and here is where the token gets refreshed, if needed

The benefits of this are:

developers only need to cal this microflow to get a usable token. no need to code up token refreshes on an ad hoc basis
checking for an expired token doesn’t require a round trip to the REST endpoint we are calling – likely a time savings

Maybe this will give you some ideas about how to tackle the issue you are facing.

Ronald Catersels · Answer 2 · 2020-07-23

Did you take a look at the System.HttpResponse? Because you can just retrieve that and check the status code. And based on that do a refresh of the token.

Regards,

Ronald

Micah Weatherhead · Answer 3 · 2020-07-23

I know that we can just do this but I was hoping that we could abstract the need to check and refresh the token from the developer’s microflows. If it were in an interceptor, we wouldn’t need to duplicate this loop.