Reputation: 4113
I am a client of an ASP.NET Web API application which uses token-based authentication. The token structure is as follows:
{
access_token: "…",
token_type: "bearer",
expires_in: 3599
}
Obviously it is set to expire, and I am currently asking for a new token with every request, which I believe is not good practice, since every API request is actually two: one for authentication and another for the actual request. So I am trying to implement some caching of the token, but I do not know what exactly the expires_in field means. Is it seconds, milliseconds?
Upvotes: 7
Views: 8733
Reputation: 11
The expires_in field describes the expiration duration of that access token in seconds. In your case, it expires in 3599 seconds which is equivalent to 59 minutes and 59 seconds.
Instead of generating a new token for every request, you can perform caching of the tokens in your client application. Before that, you have to check whether there exists a valid token by comparing the current time and the expiration time. If there is no valid token present, then you can generate a new one and store it in your client application along with its expiration time.
Upvotes: 1
Reputation: 1125
Looking at the OAuth 2 protocol spec:
expires_in RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.
Upvotes: 5
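The client-side caching described in the answers above, as an added example that is not from any of the posts. It treats expires_in as seconds counted from just before the token request was sent, and refreshes a little early. The class name, the fetch_token callable, the 60-second margin and the 300-second fallback lifetime are assumptions made for illustration.

```python
import threading
import time

class TokenCache:
    """Reuse a bearer token until shortly before its expires_in lifetime ends."""

    def __init__(self, fetch_token, clock=time.monotonic, skew=60, default_lifetime=300):
        self._fetch = fetch_token          # hypothetical: returns the token response as a dict
        self._clock = clock                # injectable so expiry can be exercised offline
        self._skew = skew                  # assumed margin (seconds) for latency and in-flight requests
        self._default = default_lifetime   # assumed lifetime (seconds) when expires_in is omitted
        self._lock = threading.Lock()      # one refresh at a time when threads share the cache
        self._token = None
        self._expires_at = 0.0

    def get(self):
        """Return a token that is still valid, requesting a new one only when needed."""
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                self._refresh()
            return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after the API answers 401 (revoked early)."""
        with self._lock:
            self._token = None

    def _refresh(self):
        # Timestamp before the call: the lifetime counts from when the response was
        # generated, so measuring from here can only make the cached copy expire early.
        requested_at = self._clock()
        resp = self._fetch()
        if str(resp.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        lifetime = int(resp.get("expires_in", self._default))   # seconds, not milliseconds
        if lifetime <= 0:
            raise ValueError("non-positive expires_in")
        self._token = resp["access_token"]
        self._expires_at = requested_at + max(lifetime - self._skew, 0)
```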