I'm using the OAuth 2.0 OWIN security implementation (Bearer token) in my Web API project. Is there any possibility to override the default behavior and make the token expiration sliding, and how can I log out from that kind of authentication?
The auth cookie sliding expiration resets the expiration time if a request is made and more than half of the timeout interval has elapsed. So mimic this functionality. When a user makes a request, check to see if more than half of the timeout interval has elapsed.
In OAuth 2.0, the following three parties are involved: The user, who possesses data that is accessed through the API and wants to allow the application to access it. The application, which is to access the data through the API on the user's behalf. The API, which controls and enables access to the user's data.
OAuth2 is the preferred method of authenticating access to the API. OAuth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account.
If you follow the Web API template for ASP.NET and OWIN using OAuth, if you make a call to the AccountController logout function and pass in your Bearer token, you will be logged out and the bearer token will cease to be active.
For OAuth, you are expected to refresh the token before it expires or after it expires, or have the user re-authenticate to acquire a new token entirely after expiration. Inherently, the expiration of the token is fixed, but by implementing periodic refresh you end up with the same end result. The expiration slides with each refresh. This can all be configured in your OAuthAuthorizationServerOptions which is passed to your OWIN application context in Startup.Auth.
Hope this helps.
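The periodic-refresh approach described above, as an added example (not code from the original answers or from the OWIN template): a short fixed access-token lifetime plus one-time-use refresh tokens held server-side, so each refresh slides the session forward and deleting a user's stored refresh tokens ends it once the current access token lapses. `SlidingTokenConfig`, `Apply`, `Revoke`, the in-memory store and the 15-minute and 7-day lifetimes are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;

public static class SlidingTokenConfig   // hypothetical helper, not part of the template
{
    // Constructed in-memory store for illustration; persist it (hashed) in a database in production.
    static readonly ConcurrentDictionary<string, AuthenticationTicket> Store =
        new ConcurrentDictionary<string, AuthenticationTicket>();
    static readonly TimeSpan RefreshLifetime = TimeSpan.FromDays(7);   // assumed idle timeout

    // Call on your OAuthAuthorizationServerOptions in Startup.Auth before registering the middleware.
    public static void Apply(OAuthAuthorizationServerOptions options)
    {
        options.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(15);  // fixed and short-lived
        options.RefreshTokenProvider = new AuthenticationTokenProvider
        {
            OnCreate = Create,
            OnReceive = Receive
        };
    }

    static void Create(AuthenticationTokenCreateContext context)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var handle = BitConverter.ToString(bytes).Replace("-", "");    // opaque random handle
        // Copy the properties so the refresh lifetime does not alter the access token's ticket.
        var props = new AuthenticationProperties(
            new Dictionary<string, string>(context.Ticket.Properties.Dictionary))
        {
            IssuedUtc = DateTimeOffset.UtcNow,
            ExpiresUtc = DateTimeOffset.UtcNow.Add(RefreshLifetime)
        };
        Store[handle] = new AuthenticationTicket(context.Ticket.Identity, props);
        context.SetToken(handle);
    }

    static void Receive(AuthenticationTokenReceiveContext context)
    {
        AuthenticationTicket ticket;
        // One-time use: a refresh consumes the old handle; Create then issues a new one.
        if (Store.TryRemove(context.Token, out ticket)) context.SetTicket(ticket);
    }

    public static void Revoke(string userName)   // call from the logout action
    {
        foreach (var e in Store.Where(p => p.Value.Identity.Name == userName).ToList())
        { AuthenticationTicket t; Store.TryRemove(e.Key, out t); }
    }
}
```

The client exchanges the handle at the token endpoint with `grant_type=refresh_token`; the middleware rejects a stored ticket whose `ExpiresUtc` has passed, so a session idle for longer than the refresh lifetime requires re-authentication.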