I'm learning to build Windows 10 apps with an azure backend. I'm using Micosoft Account as my authentication provider. I've learned how to cache access tokens but I'm a little hung up on refresh tokens.
As I understand it, the access token is short lived, and the longer expiring refresh token allows me to get a new access token. I've been trying to follow along with Adrian Hall's book here: https://adrianhall.github.io/develop-mobile-apps-with-csharp-and-azure/chapter2/realworld/#refresh-tokens
My problem is that I don't quite understand when/where to call or how to use "client.RefreshUserAsync();" and the book isn't really clear.
When should I call refresh?? I guess the problem is that the token might expire in the middle of the user using the app, forcing the user to login again right? So do I call refresh every time my user does anything? I'm confused.
Right now, my app just has a single AuthenticateAsync method on my mainpage that executes when a user clicks a login button. It looks for a cached token, if there is one it checks expiration and re-authenticates if expired.
private async System.Threading.Tasks.Task<bool> AuthenticateAsync()
{
string message;
bool success = false;
var provider = MobileServiceAuthenticationProvider.MicrosoftAccount;
// Use the PasswordVault to securely store and access credentials
PasswordVault vault = new PasswordVault();
PasswordCredential credential = null;
try
{
//try to get an existing credential from the vault.
credential = vault.FindAllByResource(provider.ToString()).FirstOrDefault();
}
catch (Exception)
{
//When there is no matching resource an error occurs, which we ignore.
}
if (credential != null)
{
// Create a user from the stored credentials.
user = new MobileServiceUser(credential.UserName);
credential.RetrievePassword();
user.MobileServiceAuthenticationToken = credential.Password;
// Set the user from the stored credentials.
App.MobileService.CurrentUser = user;
success = true;
message = string.Format("Cached credentials for user - {0}", user.UserId);
// Consider adding a check to determine if the token is
// expired, as shown in this post: http://aka.ms/jww5vp
//check expiration
if (App.MobileService.IsTokenExpired())
{
//remove the expired credentials
vault.Remove(credential);
try
{
// Login with the identity provider
user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.MicrosoftAccount);
// Create and store the user credentials.
credential = new PasswordCredential(provider.ToString(),
user.UserId, user.MobileServiceAuthenticationToken);
vault.Add(credential);
message = string.Format("Expired credentials caused re-authentication. You are now signed in - {0}", user.UserId);
success = true;
}
catch (InvalidOperationException)
{
message = "You must log in. Login required.";
}
}
}
else
{
try
{
// Login with the identity provider
user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.MicrosoftAccount);
// Create and store the user credentials.
credential = new PasswordCredential(provider.ToString(),
user.UserId, user.MobileServiceAuthenticationToken);
vault.Add(credential);
message = string.Format("You are now signed in - {0}", user.UserId);
success = true;
}
catch (InvalidOperationException)
{
message = "You must log in. Login required.";
}
}
var dialog = new MessageDialog(message);
dialog.Commands.Add(new UICommand("OK"));
await dialog.ShowAsync();
return success;
}