question

matt-spinks avatar image
matt-spinks asked ·

Best Practices With OAuth and Multiple Processes

I'm looking for some guidance on how to handle multiple backend processes attempting to access the RingCentral api for the same account simultaneously. Each separate process runs independently, on a separate schedule, and has its own token refresh logic built in. For the most part, this all works well. But every once in a while I end up with a token that is "expired". The only way to resolve it is to have the user log back into our app so the token can refresh again.

This happens very infrequently, but often enough that it's an annoyance both to me and to the customers impacted. But it's infrequent enough that it's hard to track down the issue. I am suspicious that my two separate processes are colliding with each other, getting fired off at the same time, and the refreshed token in one process overrides the refreshed token in the other one, and the system ends up with an invalid token at the end. Is that a possibility?

What is the best way to handle this scenario?

Just a little background - the two processes run continuously, on separate schedules, and check the user's account for new data. One process runs every 5 minutes, and the other process runs every 2 minutes.

oauth2oauth
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered ·

Hi Matt,

Sorry for the delayed response. Are you looking for solutions for password flow or OAuth authentication? There must be different approach for different authentication method. So let me know.

1 comment Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Sorry for the delay on this. I didn't realize I had a response here. We are using OAuth.

0 Likes 0 · ·
Anirban Sen Chowdhary avatar image
Anirban Sen Chowdhary answered ·

One way I can suggest is sharing the access token among multiple backend process. If you are using API calls in backend process with access token, which I am assuming, you can share that with the multiple calls. One of the way is using Caching the token for a particular period of time and using the token among different processes.

That will avoid colliding and overriding issue you are facing

1 comment Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Hi Anirban,

We are in fact sharing the token amongst all the different processes and resources. The problem that we encounter sometimes (very rarely) is that process 1 and process 2 fire off at the same time, after the token expires. Process 1 initiates a token refresh, and process 2 also initiates a token refresh at the same time. Process 1 might have fired off a little sooner than process 2, so process 2 has the latest and correct token. Ideally, the latest refresh should be saved last (process 2), and that should be fine. However, occasionally, process 1 might be delayed a few milliseconds. And so the result of the token refresh of process 1 gets saved last and over-writes the correct new token from process 2.

I'm looking for some general guidelines on how to handle this. It's rare when it happens. But it occasionally does (I think). Is there some sort of safeguard on the RingCentral side that ensures that results from multiple token refreshes are identical?

0 Likes 0 · ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.