Access token not cached properly?

[petrovicnemanja]

Hi, can you look into the code regarding _authenticationResponses? We were having a lot of issues with some mysterious 401 errors, and after some investigation it looks like the code isn't doing any proper caching of the tokens, ie. they are staying in memory indefinitely, even after they expire?

vipps-episerver/src/Vipps/VippsServiceApiFactory.cs

Line 19 in 36bd2f0

private static IList<AuthenticationResponse> _authenticationResponses;

[cloveras]

Interesting.. Will have the developers have a look.

As a general tip not related ti this: https://vippsas.github.io/vipps-developer-docs/docs/vipps-developers/faqs/common-errors-faq#why-do-i-get-http-401-unauthorized

[hyllengren]

@petrovicnemanja
They will stay in memory indefinately if no more requests for that market configuration happens:

vipps-episerver/src/Vipps/VippsServiceApiFactory.cs

Line 96 in 36bd2f0

_authenticationResponses.Remove(

So f.ex. if you have no requests for 24h, the token will be stored. But as soon as yo refresh the token it will be removed and replaced with the new token.

[petrovicnemanja]

@hyllengren Thanks for the feedback. But when you say "refresh the token", there doesn't seem to be a mechanism for it, other than restarting/redeploying the whole application? Would you consider changing _authenticationResponses so that instead of IList<AuthenticationResponse> it's stored in ISynchronizedObjectInstanceCache or something similar? That way you can set it in cache with the expiration time from the response.

[valdisiljuconoks]

And thinking one step further - if it's stored in the cache under a well-known key, this opens up an option to flush "forcibly" (if needed) cache entry via some 3rd party tool (like cache viewer) to "reload" the token.

I hope this is rare case - but still an option for developers / site admins.