I am a client of an ASP.NET Web API application which uses token-based authentication. The token structure is as follows:
{
access_token: "…",
token_type: "bearer",
expires_in: 3599
}
Obviously it is set to expire, and I am currently asking for a new token with every request, which I believe not to be a good practice, since every API request is actually 2: one for authentication and another for the actual request. So I am trying to implement some caching of the token, but I do not know what exactly the expires_in field means. Is it seconds, milliseconds?
Custom API token lifetime: By default, an access token for a custom API is valid for 86400 seconds (24 hours). We recommend that you set the validity period of your token based on the security requirements of your API.
The easiest way is to just try to call the service with it. It will reject it if it is expired and then you can request a new one. You can also keep the time you received the token and use the expires_in to calculate when it will approximately expire.
However, this means there is no way to expire those tokens directly, so instead, the tokens are issued with a short expiration time so that the application is forced to continually refresh them, giving the service a chance to revoke an application's access if needed.
Looking at the OAuth2 protocol spec:
expires_in RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.
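The caching approach the answers above describe, as an added example that is not part of the original posts: record when the token was requested, treat expires_in as seconds, refresh a little early, and fall back to a single retry if the service still rejects the token. `TokenCache`, `call_api`, `fetch_token`, `send_request` and the 60-second margin are hypothetical names and values chosen for illustration.

```python
import threading
import time


class TokenCache:
    """Keeps a bearer token in memory and refreshes it shortly before it expires."""

    def __init__(self, fetch_token, skew_seconds=60, clock=time.monotonic):
        self._fetch_token = fetch_token  # hypothetical callable returning the token response as a dict
        self._skew = skew_seconds        # assumed margin for network latency and clock differences
        self._clock = clock              # monotonic clock: unaffected by wall-clock adjustments
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                self._refresh()
            return self._token

    def invalidate(self):
        # Drop the cached token, e.g. after the server rejected or revoked it.
        with self._lock:
            self._token = None

    def _refresh(self):
        # Measure from before the request so the computed expiry errs on the early side.
        requested_at = self._clock()
        response = self._fetch_token()
        if str(response.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        # expires_in is a lifetime in seconds and only RECOMMENDED by the spec;
        # a missing value is treated as 0, which means "do not cache".
        lifetime = int(response.get("expires_in", 0))
        self._token = response["access_token"]
        self._expires_at = requested_at + max(lifetime - self._skew, 0)


def call_api(cache, send_request):
    """send_request(token) -> (status, body). Retries once with a fresh token on 401."""
    status, body = send_request(cache.get())
    if status == 401:
        cache.invalidate()
        status, body = send_request(cache.get())
    return status, body
```

The retry on 401 covers the case where the service revokes a token before its computed expiry, so the cache never has to be exactly right about the remaining lifetime.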