Skip to content

POWER 4446 Fix refresh token logic #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
NicolaiHoel wants to merge 2 commits into from
Closed

POWER 4446 Fix refresh token logic #77

NicolaiHoel wants to merge 2 commits into from

Conversation

@NicolaiHoel
Copy link
Contributor

@NicolaiHoel NicolaiHoel commented Jan 16, 2026

This PR fixes the refresh token logic, assuring old tokens doesn't accumulate in the header.

@sarahsa
Copy link
Contributor

sarahsa commented Jan 20, 2026

By removing the injection of HttpClient in the HeimdallApiClient, we are removing the functionality for customers to add their own clients (for instance setting up their own resilience pipelines). In addition the injection is optional, so it shouldn't cause any big issues.

Let's discuss 🤓

sarahsa
sarahsa reviewed Jan 20, 2026
View reviewed changes
dotnet/HeimdallPower.Api.Client/HeimdallPower.Api.Client/HeimdallApiHttpClient.cs
_tokenExpiresOn = accessTokenProvider.GetTokenExpiry();
foreach (var header in accessTokenProvider.GetAccessHeaders())
{
HttpClient.DefaultRequestHeaders.TryAddWithoutValidation(header.Key, header.Value);
Copy link
Contributor

@sarahsa sarahsa Jan 20, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of creating a separate auth handler and removing existing functionality as previously mentioned here, I would suggest the following:

Keep HeimdallApiHttpClient as is, and add a check that if HttpClient.DefaultRequestHeaders already contains the header.key, then remove it first and then add the KeyValue pair as we are already doing here HttpClient.DefaultRequestHeaders.TryAddWithoutValidation(header.Key, header.Value.

Copy link
Contributor

@sarahsa sarahsa Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue here is that HttpClient.DefaultRequestHeaders is not a dictionary as one could expect, but rather a key with an associated array. That means that when we add a new value, it is appended instead of overwriting the existing value and after some time the header becomes to big, overflows and then the request fails.

@NicolaiHoel
Copy link
Contributor Author

NicolaiHoel commented Jan 20, 2026

Closing this PR, might come back to this solution later

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sarahsa sarahsa sarahsa left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@NicolaiHoel @sarahsa