Reputation: 19329
How to know if the oauth access token is expired
Description
In Web Api project template, after sending a POST request to the Token endpoint: www.mycoolwebsite.com/Token, we get a Json similar to this:
{
"access_token":"qkRwQD0A85...",
"token_type":"bearer",
"expires_in":14,
"userName":"[email protected]",
".issued":"Wed, 24 Feb 2016 18:15:53 GMT",
".expires":"Wed, 24 Feb 2016 18:16:08 GMT"
}
On the client side, (let say a mobile application) I am saving this json on a file, and to see if the token is expired, I compare DateTime.UtcNow to token's .expires key.
Question
Is this the correct way to see if an access token has expired?
If not, what is the best way check this?
Upvotes: 2
Views: 2588
Answers (1)
Reputation: 4681
I wouldn't check the access token's expiry time. Rather than build a mechanism to check the expiration time and handle it, why not just send the access token you have to the API and, if you get a 401 back, request a new access token. You'll have to build in logic to handle 401's anyway...why not rely on that instead?
Upvotes: 3
Related Questions
- Why Does OAuth v2 Have Both Access and Refresh Tokens?
- How is OAuth 2 different from OAuth 1?
- What are the main differences between JWT and OAuth authentication?
- What's the difference between OpenID and OAuth?
- How does OAuth 2 protect against things like replay attacks using the Security Token?
- Access tokens expire after only 1 day oAuth
- Return more data to the client with the bearer token using OAuth token generation WebApi
- How to make a client which authenticates against ASP.NET WebAPI?
- google oauth refresh token long lived solutions