Split methods for ensuring access token for cases where we have a refresh token, and an access token that needs to be exchanged.

Author: AndyButland

src/Umbraco.AuthorizedServices/Models/Token.cs

@@ -1,3 +1,5 @@
+using System;
+
 namespace Umbraco.AuthorizedServices.Models;
 
 /// <summary>
@@ -40,12 +42,7 @@ public Token(string accessToken, string? refreshToken, DateTime? expiresOn)
     public DateTime? ExpiresOn { get; }
 
     /// <summary>
-    /// Checks to see if the token either has or is about to expire (in the next 30 seconds).
-    /// </summary>
-    public bool HasOrIsAboutToExpire => ExpiresOn.HasValue && DateTime.UtcNow.AddSeconds(30) > ExpiresOn;
-
-    /// <summary>
-    /// Checks to see if the exchange token either has or is about to expire (in the next 30 days).
+    /// Checks to see if the token will be expired after the provided period.
     /// </summary>
-    public bool ExchangeTokenHasOrIsAboutToExpire => ExpiresOn.HasValue && DateTime.UtcNow.AddDays(30) > ExpiresOn;
+    public bool WillBeExpiredAfter(TimeSpan period) => ExpiresOn.HasValue && DateTime.UtcNow.Add(period) > ExpiresOn;
 }

src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceCaller.cs

@@ -144,57 +144,70 @@ public async Task<string> SendRequestRawAsync<TRequest>(string serviceAlias, str
 
     private async Task<Token> EnsureAccessToken(string serviceAlias, Token token)
     {
-        if (token.HasOrIsAboutToExpire)
+        if (token.WillBeExpiredAfter(TimeSpan.FromSeconds(30)))
         {
             if (string.IsNullOrEmpty(token.RefreshToken))
             {
                 ClearAccessToken(serviceAlias);
                 throw new AuthorizedServiceException($"Cannot request service '{serviceAlias}' as the access token has expired and no refresh token is available to use. The expired token has been deleted.");
             }
 
-            Token? refreshedToken = await RefreshAccessToken(serviceAlias, token.RefreshToken) ?? throw new AuthorizedServiceException($"Cannot request service '{serviceAlias}' as the access token has expired and the refresh token could not be used to obtain a new access token.");
-
-            return refreshedToken;
+            return await RefreshAccessToken(serviceAlias, token.RefreshToken) ?? throw new AuthorizedServiceException($"Cannot request service '{serviceAlias}' as the access token has expired and the refresh token could not be used to obtain a new access token.");
         }
 
         return token;
     }
 
-    private async Task<Token> EnsureExchangeAccessToken(string serviceAlias, Token token)
+    private async Task<Token?> RefreshAccessToken(string serviceAlias, string refreshToken)
     {
-        if (token.ExchangeTokenHasOrIsAboutToExpire)
+        ServiceDetail serviceDetail = GetServiceDetail(serviceAlias);
+
+        Dictionary<string, string> parameters = _refreshTokenParametersBuilder.BuildParameters(serviceDetail, refreshToken);
+
+        HttpResponseMessage response = await AuthorizationRequestSender.SendRequest(serviceDetail, parameters);
+        if (response.IsSuccessStatusCode)
         {
-            Token? refreshedToken = await RefreshAccessToken(serviceAlias, string.Empty) ?? throw new AuthorizedServiceException($"Cannot request service '{serviceAlias}' as the access token has expired and the refresh token could not be used to obtain a new access token.");
+            Token token = await CreateTokenFromResponse(serviceDetail, response);
+            StoreToken(serviceAlias, token);
+            return token;
+        }
+        else
+        {
+            throw new AuthorizedServiceHttpException(
+                $"Error response from refresh token request to '{serviceAlias}'.",
+                response.StatusCode,
+                response.ReasonPhrase,
+                await response.Content.ReadAsStringAsync());
+        }
+    }
 
-            return refreshedToken;
+    private async Task<Token> EnsureExchangeAccessToken(string serviceAlias, Token token)
+    {
+        if (token.WillBeExpiredAfter(TimeSpan.FromDays(30)))
+        {
+            return await RefreshExchangeAccessToken(serviceAlias, token.AccessToken) ?? throw new AuthorizedServiceException($"Cannot request service '{serviceAlias}' as the access token has expired and the refresh token could not be used to obtain a new access token.");
         }
 
         return token;
     }
 
-    private async Task<Token?> RefreshAccessToken(string serviceAlias, string refreshToken)
+    private async Task<Token?> RefreshExchangeAccessToken(string serviceAlias, string accessToken)
     {
         ServiceDetail serviceDetail = GetServiceDetail(serviceAlias);
 
-        Dictionary<string, string> parameters = serviceDetail.CanExchangeToken
-            ? _exchangeTokenParametersBuilder.BuildParameters(serviceDetail, refreshToken)
-            : _refreshTokenParametersBuilder.BuildParameters(serviceDetail, refreshToken);
+        Dictionary<string, string> parameters = _exchangeTokenParametersBuilder.BuildParameters(serviceDetail, accessToken);
 
-        HttpResponseMessage response = serviceDetail.CanExchangeToken
-            ? await AuthorizationRequestSender.SendExchangeRequest(serviceDetail, parameters)
-            : await AuthorizationRequestSender.SendRequest(serviceDetail, parameters);
+        HttpResponseMessage response = await AuthorizationRequestSender.SendExchangeRequest(serviceDetail, parameters);
         if (response.IsSuccessStatusCode)
         {
             Token token = await CreateTokenFromResponse(serviceDetail, response);
-
             StoreToken(serviceAlias, token);
-
             return token;
         }
         else
         {
             throw new AuthorizedServiceHttpException(
-                $"Error response from refresh token request to '{serviceAlias}'.",
+                $"Error response from exchange access token request to '{serviceAlias}'.",
                 response.StatusCode,
                 response.ReasonPhrase,
                 await response.Content.ReadAsStringAsync());