MS SDK - Revoked token not handled properly #20

@tarasklimenko

Description:

The MS SDK Webhooks Sample App does not handle revoked tokens properly. In the scenario in which a user's token is revoked, the sample app throws "401 Unauthorized" with no ability to go through the consent flow to continue using the app.

Actual:

401 Unauthorized error is thrown when attempting to create new message index when access token has been revoked. App does not have option to go through consent flow again, must be shut down.

Stack Trace thrown:


[WebException: The remote server returned an error: (401) Unauthorized.]
   System.Net.HttpWebRequest.GetResponse() +6121443
   ATT_MSSDK.Sender.Send(HTTPMethods method, String relativeUri, NameValueCollection headers, Byte[] bodyBytes, String contentType, String accept, Boolean returnWebResponse) +1208

[InvalidResponseException: Failed: "Access Token not present" The remote server returned an error: (401) Unauthorized.]
   ATT_MSSDK.Sender.Send(HTTPMethods method, String relativeUri, NameValueCollection headers, Byte[] bodyBytes, String contentType, String accept, Boolean returnWebResponse) +2328
   ATT_MSSDK.RequestFactory.CreateMessageIndex() +307
   MIM_App1.CreateMessageIndex() in c:\att\webhook\Default.aspx.cs:374
   MIM_App1.CreateMessageIndex_Click(Object sender, EventArgs e) in c:\att\webhook\Default.aspx.cs:363
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563

Expected:

When a user's access token is revoked, the app should take the user through the consent flow to get a new access token and continue using the app.

Repro:

  1. Create Notifications Channel via MS SDK Webhooks Sample App
  2. Create Message Index
  3. Create Notification Channel Subscription
  4. Get Notifications
  5. Via auth-api.att.com/permissions revoke the application
  6. Get Notifications
  7. Notice 401 Unauthorized thrown - no option to authorize user.
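
The expected behaviour described in this issue, sketched as an added example that is not part of the original report or of the SDK's own code. It assumes the SDK's exception carries the original `WebException` as its `InnerException` (as the chained stack trace suggests); `clearToken` and `startConsent` are hypothetical callbacks the app would supply.

```csharp
using System;
using System.Net;

// Added illustration; not code from the MS SDK or its sample app.
public static class RevokedTokenHandling
{
    // Walks the exception chain looking for an HTTP 401, because the SDK
    // wraps the underlying WebException in its own exception type.
    public static bool IsUnauthorized(Exception ex)
    {
        for (Exception e = ex; e != null; e = e.InnerException)
        {
            var web = e as WebException;
            var resp = web != null ? web.Response as HttpWebResponse : null;
            if (resp != null && resp.StatusCode == HttpStatusCode.Unauthorized)
                return true;
        }
        return false;
    }

    // Runs one API call. On a 401 the cached token is discarded first, so the
    // revoked token is never replayed, and only then is consent restarted.
    // Returns true if the call succeeded, false if re-consent was triggered.
    // Any failure other than a 401 is rethrown unchanged.
    public static bool TryCall(Action apiCall, Action clearToken, Action startConsent)
    {
        try
        {
            apiCall();
            return true;
        }
        catch (Exception ex)
        {
            if (!IsUnauthorized(ex))
                throw;
            clearToken();    // hypothetical: e.g. remove the token from Session
            startConsent();  // hypothetical: e.g. redirect to the consent page
            return false;
        }
    }
}

// Hypothetical use in the page's click handler (session key and URL are assumed):
//   RevokedTokenHandling.TryCall(
//       () => requestFactory.CreateMessageIndex(),
//       () => Session.Remove("accessToken"),
//       () => Response.Redirect(consentUrl));
```

If a 401 comes back immediately after a fresh consent, the app should stop and report the error rather than redirect again, to avoid a consent loop.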
