Nov 26, 2019 09:59 PM|mgebhard|LINK
This is a standard web application state management question. The proper ASP.NET state management feature to implement is up to you. If the service client is the web application then server side state management is best. Session is fine but I would use
a cache where the cache expiration is the same as the token expiration. If the token cache is empty then you know the token timed out and need to request another token. Or you can use the expiration to know when to refresh the token.