The Grid dataSource allows you to include Headers in the requests so you can send the tokens to the controller. If the tokens are expired, then you can respond with an error message and display that in a popup if further user action is required to manually generate the tokens:
In addition to that the Data() method on a read action can also be used for sending AntiForgeryTokens:
However, it looks like you can Authorize the controllers directly looking at IdentityServer documentation section here:
Progress is here for your business, like always. Read more
about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.