OpenStack access token refresh

Question

In my Node.js application I use OpenStack Swift (Object Storage) as a storage service. The app needs a authorization token to access the storage service, the (small) problem is the access token needs to be refreshed once in a couple of hours. How should I do it to provide smooth experience to end client?

1. Refresh the token when expired in a reaction to OpenStack 401 response code.
2. Schedule the token refresh request manually via some sort of node scheduler or cron task.

The app relies heavy on access to storage service. Using option 1 will effectively limit the access to app for my clients for a second. This may seem nothing but if you multiply this by the number of clients its not so small.

If the application relies on some database/storage that requires authorization What is the industry standard for performing such server-to-server authorization requests? For some reason obtaining token from OpenStack Keyrock takes a lot of time (~1s) that's why I'm asking.

NOTE: currently I'm not in a position to influence tokens lifetime.

Answer 1

Considering that you do not have the ability to change auth token lifetimes and are looking to hide the authorization refresh from users, it would seem only appropriate to go with your second option. Fortunately, timed asynchronous actions are easily implemented in Node.js.

It seems best to have this to have this update service rely on either the timeout threshold or expiration timing. Defining arbitrary timings doesn't seem optimal.