Hi Sanjay, you can do that in the OnBeforeRequest action of the API - it will be once per API, not per each method. Also, you should mark Bogdan's answer as solution as indeed, that is the solution :) 

I don't think you can. The On Before Request is called before the request is called, so at that point you don't know whether the call will fail because of an expired token.

Also, using the On After Response won't help, as you can't retry the call from there.

Hi Sanjay,

Unfortunately, as far as I'm aware, the OutSystems Platform does not provide any way of doing that in a generic fashion. You will need to add the logic in every wrapper action for each REST method.

Also, you may need to add some logic in the On After Response, to catch the 401 (and make it a 200) to prevent a generic exception being raised instead of you being able to check the result programmatically.

Hi Kilian,

If you save in the same table where you save your access token and refresh token the timestamps when these expire (which are received in the auth in UTC), you can easily check in OnBeforeRequest if timestamp > CurrDateTime().

Don't you agree?

Well yes, but a) you may not know what the expiration time is and b) there's no way to get a new token in the OnBeforeRequest. So you know it's going to fail, but there's nothing you can do about it...

For point a:

In most of the cases you get the expiration time (in all of the cases I've yet seen actually). Below we can see for example a standard call for /oauth2/token.

Also, these tokens have pretty standard values and the service provider can share this info with you. Most of the time, default value of the refresh token is 30 days, while access token and id tokens are 60 minutes. If these values are modified by the service provider, they can share this info with you directly, but it's also shared in the response of the APIs most of the time.

For point b:

Knowing already if the token is valid, you could easily request a new one with an additional refresh call in the OnBeforeRequest of any API. Something like this:

The wrapper simply calls for an update to the access token (same call at /oauth2/token with grant type - refresh_token) and updates the value of the token in the database (we call our table Session in this case)

I may be wrong, but I don't think you can call a REST method inside the On Before Request of a REST service.

You are right.

I was investigating this topic today for integration with AWS Cognito but just managed to do an end to end test and indeed I get a 405 (method not allowed) if I try to call a REST service in OnBeforeRequest.

In this case, in my opinion it's a matter of creating a function that's checking the validity of the token from your table (as you store the expiry time) and refreshing the token + updating the values in the table afterwards. Afterwards, this function will be the first call in all the wrappers of each method used.

Thanks for your input, Kilian!

Yeah, you could check first, then refresh if needed, or just call and if you get an expired warning handle that. But in both cases, there's no easy way to do it for all methods of a REST service, you need to handle it for every REST method (inside a wrapper).