limboy

Reputation: 4089

Seamlessly deal with authorization token expiration in client app

Say I'm developing an Evernote or YouTube client, and after the user logs in, the app gets an authorization token from the API server.

Then I use this token to interact with the server until, sometime later, the token expires.

The key is, I don't know if this token is expired until the server returns an error with a message like 'token expired'. Then I have to fetch a new token. Maybe it occurs while the user is posting a message.

So what is an elegant way to deal with this scenario? I want to combine fetching a new token with continuing the last request, so that the user just feels it works as usual.

Upvotes: 1

Views: 930

Answers (1)

Byron Lo

Reputation: 464

It depends on which flow you're using. But in general, if you are able to refresh the auth token (via refresh token) without redirecting the user for credentials again, you should do it seamlessly.

Also, you should know exactly when a token is going to expire. If you're coding against an OAuth 2 implementation, the auth token response should give you an 'expires_in' field as a time span telling you exactly how long after it was issued to you the token will expire.

Upvotes: 1
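An added example, not part of the answer above: one way to combine the two ideas, refreshing shortly before `expires_in` elapses and, if the server still answers 'token expired', refreshing once and replaying the request a single time. `TokenSession`, `TokenExpired`, `refresh_fn` and `send_fn` are hypothetical names; the real HTTP calls are injected by the caller.

```python
import threading
import time


class TokenExpired(Exception):
    """Raised by the (hypothetical) transport when the API answers 'token expired'."""


class TokenSession:
    def __init__(self, refresh_fn, refresh_token, skew=30, clock=time.monotonic):
        self._refresh_fn = refresh_fn    # hypothetical: refresh_token -> token response dict
        self._refresh_token = refresh_token
        self._skew = skew                # refresh this many seconds before expiry
        self._clock = clock
        self._access_token = None
        self._expires_at = 0.0
        self._lock = threading.Lock()    # only one refresh in flight at a time

    def _refresh(self, stale):
        with self._lock:
            # Another thread may already have replaced the token we saw as stale.
            if self._access_token != stale:
                return
            resp = self._refresh_fn(self._refresh_token)
            self._access_token = resp["access_token"]
            self._expires_at = self._clock() + resp["expires_in"]
            # Servers that rotate refresh tokens return a new one; otherwise keep the old.
            self._refresh_token = resp.get("refresh_token", self._refresh_token)

    def _current_token(self):
        token = self._access_token
        if token is None or self._clock() >= self._expires_at - self._skew:
            self._refresh(stale=token)
        return self._access_token

    def call(self, send_fn, *args, **kwargs):
        """send_fn(access_token, *args, **kwargs) performs the real API request."""
        token = self._current_token()
        try:
            return send_fn(token, *args, **kwargs)
        except TokenExpired:
            # Expired or revoked early: refresh once, replay once, then let it fail.
            self._refresh(stale=token)
            return send_fn(self._access_token, *args, **kwargs)
```

If the replay also raises `TokenExpired`, the exception reaches the caller, which is the point at which the app should send the user back through login instead of looping.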
