Is PersistedAccessTokenCache thread safe?

[taneltinits]

Hi,
For me it seems that PersistedAccessTokenCache is not thread safe and when the token expires, multiple threads will try to update the saved file simultaneously. This is causing different errors in Windows and dockerized Linux environments.
On Windows machine I get IOException: The process cannot access the file '...\\.zeebe\\credentials' because it is being used by another process.\
On Linux container its something like Unauthenticated: Failed to parse bearer token, see cause for details
And the errors in the logs only pop up at the time when token is being updated.

Has anyone else experienced similar issue?
What could be the fix for it? Using Semaphore for the token update? Or maybe I have missed something with the setup?

[taneltinits]

Update: When playing around and trying to fix the CamundaCloudTokenProvider I found that apparently we can provide another TokenSupplier to the builder. It just has to implement the IAccessTokenSupplier interface. So we can use dotnet own libraries to fetch and cache the tokens.

[Zelldon]

Do you want to show case the solution ? So maybe other can benefit from this as well? Or maybe we can add it to the project then later as well :)

[taneltinits]

Sure. Will try to explain in short.
So, I created an implementation for IAccessTokenSupplier which is using Duende access token manager service to fetch and cache tokens.

public class AspNetTokenSupplier(IClientCredentialsTokenManagementService service) : IAccessTokenSupplier
{
    public async Task<string> GetAccessTokenForRequestAsync(string authUri = null,
        CancellationToken cancellationToken = new ())
    {
        var token = await service.GetAccessTokenAsync("zb-client", cancellationToken: cancellationToken);
        if (token.AccessToken is null)
        {
            throw new AuthenticationException("Failed to get access token");
        }

        return token.AccessToken;
    }
}

Token manager is set up in Program.cs

builder.Services.AddClientCredentialsTokenManagement().AddClient("zb-client", client =>
{
    client.TokenEndpoint = authUrl;
    client.ClientId = clientId;
    client.ClientSecret = clientSecret;
});

Then IAccessTokenSupplier is registered in dependecy injection.
builder.Services.AddSingleton<IAccessTokenSupplier, AspNetTokenSupplier>();

Implementation for it is added to Camunda client.

var client = ZeebeClient.Builder()
    .UseLoggerFactory(new NLogLoggerFactory())
    .UseGatewayAddress(zeebeUrl)
    .UseTransportEncryption()
    .UseAccessTokenSupplier(builder.Services.BuildServiceProvider().GetService<IAccessTokenSupplier>())
    .Build();

I created an example project in my forked repo: https://github.com/taneltinits/zeebe-client-csharp/tree/feature/tokensupplier-example/Client.Cloud.TokenSupplier.Example. Buts its kind a difficult to try it out locally, because using UseTransportEncryption means having zeebe over https.

Thats it. No need to use custom code for token management ;)