Skip to content

JWT Cache

InworldJwtCache keeps one JWT per (apiKey, resources) pair in process and refreshes it ~60s before expirationTime. Use it on Blazor/ASP.NET Core backends to avoid hitting /auth/v1/tokens/token:generate on every request.

This example assumes using Inworld; is in scope and apiKey contains your Inworld API key.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
var apiKey =
    Environment.GetEnvironmentVariable("INWORLD_JWT_KEY") is { Length: > 0 } k ? k :
    DecodeKeyPair(Environment.GetEnvironmentVariable("INWORLD_API_KEY")).key;
var apiSecret =
    Environment.GetEnvironmentVariable("INWORLD_JWT_SECRET") is { Length: > 0 } s ? s :
    DecodeKeyPair(Environment.GetEnvironmentVariable("INWORLD_API_KEY")).secret;

if (string.IsNullOrEmpty(apiKey) || string.IsNullOrEmpty(apiSecret))
{
    throw new AssertInconclusiveException("INWORLD_API_KEY (or INWORLD_JWT_KEY + INWORLD_JWT_SECRET) is required.");
}

// Create one cache per (apiKey, resources) and reuse it across requests.
using var cache = new InworldJwtCache(apiKey, apiSecret);

// First call mints a fresh JWT.
var first = await cache.GetAsync();

// Second call returns the same cached token (no second round trip).
var second = await cache.GetAsync();

// After invalidate the cache mints a new token.
cache.Invalidate();
var third = await cache.GetAsync();
// Inworld may issue identical JWTs within the same clock second — don't
// rely on the token value changing; just verify we got one back.