
I have ASP.NET Web API 2 with bearer tokens working well.

My question: this API is used by an iOS mobile application, and I am not maintaining any cookie/session on the API side. When a mobile user sends a log-in request, I authenticate the user against the database and send a bearer token with a 1 hr expiry in the successful response.

  1. When my mobile user logs out from the application within the specified time, I should forcefully expire the token inside the API log-out method.

  2. Suppose my mobile user is still using the application for more than 1 hour: when any request comes in after 45 min, my token expiry should be extended by another 1 hour.

  • Not sure I follow exactly what you're after. Are you asking how to extend the token after expiry when there's no explicit logout action by the end user? – Stinky Towel Nov 15 '13 at 20:13
  • @StinkyTowel Either that or how to extend the token when the request comes in while still within the 1-hour expiry so the token won't last for just another 15 minutes, but again a whole hour. However, that doesn't make much sense to me as every authenticated request w/should either send a new token or reset the expiry period? – Marjan Venema Nov 16 '13 at 11:09
  • @Marjan - agreed, it doesn't make sense to reset on every request - only check if within a few minutes of the expiration. Here's a good [SO post](http://stackoverflow.com/questions/7030694/oauth2-why-do-access-tokens-expire/7035926#7035926) with details that may help the OP. – Stinky Towel Nov 16 '13 at 13:33
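
The two behaviours asked about above (forced expiry on log-out, and a fresh hour once a request arrives 45 minutes or more into the token's life), sketched as an added example that is not part of the original thread. It assumes the API keeps a server-side record per opaque token, because a token validated purely from its own contents cannot be revoked before it expires; `TokenRegistry` and its members are hypothetical names, not ASP.NET Web API types.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical server-side registry of issued tokens (not an ASP.NET Web API type).
public sealed class TokenRegistry
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromHours(1);      // 1 hr expiry
    private static readonly TimeSpan RenewAfter = TimeSpan.FromMinutes(45); // renewal threshold

    // token -> expiry time (UTC)
    private readonly ConcurrentDictionary<string, DateTime> _expiry =
        new ConcurrentDictionary<string, DateTime>();

    // Call only after the credentials were verified against the database.
    public string Issue(DateTime nowUtc)
    {
        var bytes = new byte[32]; // 256 bits from a CSPRNG, so tokens are not guessable
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        _expiry[token] = nowUtc + Lifetime;
        return token;
    }

    // Call on every authenticated request.
    public bool Validate(string token, DateTime nowUtc)
    {
        DateTime expires;
        if (!_expiry.TryGetValue(token, out expires)) return false; // unknown or logged out
        if (nowUtc >= expires)
        {
            _expiry.TryRemove(token, out expires); // drop the expired entry
            return false;
        }
        // Start of the current window is (expires - Lifetime); renew once it is 45 min old.
        // TryUpdate fails if the token was revoked concurrently, so log-out always wins.
        if (nowUtc - (expires - Lifetime) >= RenewAfter)
            _expiry.TryUpdate(token, nowUtc + Lifetime, expires);
        return true;
    }

    // Call from the log-out method: the token stops validating immediately.
    public bool Revoke(string token)
    {
        DateTime ignored;
        return _expiry.TryRemove(token, out ignored);
    }
}
```

A request at minute 50 moves the expiry to minute 110, one at minute 61 with no earlier renewal is rejected, and any request after `Revoke` is rejected regardless of the time remaining.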
