Status: Draft (View Workflow)
With the move toward short lived access tokens and the use of refresh tokens, edge-common should adopt the silent refresh pattern.
When logging in, both access and refresh tokens will be returned. Currently only the access token is cached. Instead both should be saved (in memory). Before the access token expires, the refresh token should be used to obtain a new access token.
Expiration of both access and refresh tokens must be handled gracefully by retrieving the credentials from secret storage and logging in again.
The token cache should be updated such that the TTL is always shorter than the access token TTL
- Silent refresh is implemented
- Token expiration is handled gracefully
- the token cache is updated as needed
- relates to
FOLIO-2556 SPIKE: investigate refresh tokens support in FOLIO
- mentioned in