Header is not updated on retry policy [RestEase+Polly combination]

[ShykerBogdan]

Hi!
Really need some help to understand what am I doing wrong with my RestEase+Polly combination for reauthorization.

My policy looks like this:

var policy = Policy
            .HandleResult<HttpResponseMessage>(message => message.StatusCode == HttpStatusCode.Unauthorized)
            .RetryAsync(1, async (result, retryCount) =>
            {
                await _authorizeService.RefreshAccessToken();
                RestEaseClient.Token = _authorizeService.AccessToken;
            });

And IRestEaseClient looks like this:

public interface IRestEaseClient
{        
    [Header("X-Token")]
    string Token { get; set; }

    ["root")]
    Task SomeMethod();
    .................
}

When the token expires the breakpoint inside the policy retry function is hit, I successfully receive the new token, set its value to IRestEaseClient.Token header, but for some reason, the retry request goes with the old header value and I still get 401. The next request after this will go fine, without 401 and hitting the reauthorize policy code.

[canton7]

Presumably Polly is re-sending the HttpRequestMessage as-is? That HttpRequestMessage has already been constructed by RestEase, and RestEase is now out of the picture. You can change RestEaseClient.Token all you like, that won't have any effect until you call SomeMethod again which constructs a new HttpRequestMessage.

At the very least, you need to update the X-Token header in your HttpRequestMessage with the new token. I might be tempted to go one step further, and handle the token entirely within an HttpMessageHandler.

[ShykerBogdan]

Thanks for your response!
So you suggest abandoning Polly and implementint my own HttpMessageHandler?

[canton7]

I'm not sure what would work best for you. For something as simple as refreshing a token and retrying once if the result is Unauthorized, it doesn't really matter IMO, and it's up for debate as to whether that falls into the realm of Polly. Pulling the token handling out of the RestEase interface into into a HttpMessageHandler at least keeps it centralised in one place, rather than having a request itself asynchronously changing a property on the RestEase interface, which feels a bit wrong.

[canton7]

(Converting to a discussion, per the issue template, as this isn't a bug)

[netclectic]

I had this same issue recently, I got around it by implementing my Polly policies inside the SendAsync of a custom HttpClientHandler. If you only have a single retry policy for your auth then you can just set the request header: request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", newAccessToken);, but if you have multiple retry policies you have to pass it through the policy context from one to the other.

I guess the same would apply for a custom HttpMessageHandler

[ShykerBogdan]

Could you please share your HttpClientHandler as an example?

[netclectic]

Edited slightly, so not tested as-is but should give you what you need.
If you only need the unauthorized policy then you can ignore the context parts and just set the header directly.

    public class CustomHttpClientHandler : HttpClientHandler
    {
        private AsyncRetryPolicy _retryPolicy = null;
        private AsyncRetryPolicy<HttpResponseMessage> _unauthorizedPolicy = null;

        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            _unauthorizedPolicy ??= Policy
                .HandleResult<HttpResponseMessage>(ex => ex.StatusCode == HttpStatusCode.Unauthorized)
                .RetryAsync(async (_, __, context) =>
                {
                    string newAccessToken = await GetAccessToken().ConfigureAwait(false);
                    // request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", newAccessToken);
                    context["AuthToken"] = newAccessToken;
                });

            _retryPolicy ??= Policy
                .Handle<HttpRequestException>()
                .RetryAsync();

            return _unauthorizedPolicy.WrapAsync(_retryPolicy).ExecuteAsync(
                action: async (context) =>
                    {
                        if (context.ContainsKey("AuthToken"))
                        {
                            string newAccessToken = Convert.ToString(context["AuthToken"]);
                            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", newAccessToken);
                        }
                        return await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
                    },
                contextData: new Dictionary<string, object>());
        }

        private Task<string> GetAccessToken()
        {
            // TODO: implement refresh of user token
            return Task.FromResult("YmJMTB4ZRpAZZLz3pfJf");
        }
    }

[ShykerBogdan]

Thanks!