We would like to implement a rolling token refresh on our webcore application in line with the reply highlighting this in https://stackoverflow.com/questions/69967612/why-is-refresh-token-is-more-secure-why-do-we-use-refresh-token-if-it-can-also.
The approach would be to examine the access token each time a call back to the XData server is made. If the access token is within X minutes of expiry, then an acync call is made to the Sphinx server, via TSphinxWebLogin to refresh the access token. If the current access token had expired then an exception would be raised. Otherwise new access and refresh tokens would be issued with the same expiry.
The call should retain the context of the main webcore app and not redirect as the Login does as this results in the webcore app being set to it's initial state and any work not committed would be lost.
An alternative would for the login screen to be displayed in a non destructive way, but the sliding window approach would provide a better end user experience and it would also mean that access tokens could be issued for shorter periods as users would get annoyed with having to login frequently.
I see that @wlandgraf raised a feature development request Implement TOidcClient.RefreshToken method back in November 2022.
Is there a way to achieve this now or do we need to bump up the development request if that would achieve this?
Good to know!