Reputation: 8599
I am following the article below to practice the login and register functions on the client side using AngularJS and a token-based authentication mechanism. However, the article does not mention how to handle logout and expired authentication tokens on the client side using AngularJS.
My questions:
1) If I want to add a global HTML Logout button, and the user presses that button, how can I clear the authentication token from the client-side Angular scripts as well as from the server side (.NET/C#)?
2) I set the valid period for the authentication token (in the server-side .NET/C# code) to 60 minutes. If the browser is idle (no user interactions at all) for 60 minutes or more, how is the user automatically kicked off the site and directed to the login page when he resumes his work in the browser after the 60-or-more-minute idle interval?
Thank you in advance.
Article link:
Getting started with AngularJS and ASP.NET MVC - The long awaited Part Three
Some summary details about the token-based authentication the article author uses:
POST token request body:
grant_type: password
userName: [email protected] (or whatever you registered with)
password: Password1! (or whatever password you set when registering)
And token response:
{ "access_token": "R-AejC88wImTKUulwlZBRsR620zXuHcrjV26UGObVjl5s9aqJIhs2hzt60CdLhL0hXNR-kyLTgrTfiMDV4JZJsmC1jV3MQHKcScsW6lYAMz1kegSyQiSfRHVj8W1E76x9uiHYJVIWhwA_RH7GkTn3K_Z0ugV_0qsSd1cWZ5qpqRedrS1vbHNIr7PR-FvAcKGA5c0S7ffadD8TP6N8OX8AyEg2t5rxppAeT2AlqlY3G5HdJqDkPgXQx5pL_xXRWkQCuOhIgUCm-6TDAksNf-EJ7HzPKD7nl7KU8Pd66rQO56p_vtq6eOO9OtgAmN8FviR-gNKGHCsz4udPrAKTExF_Ht4hBpbLoiGIXIbVUpzTeB-RMZUMMcRgByo4tCELjd41pV0mjaXHS6s7mTuwlgGmxiAU5AoYgNTXVOe9YegZMvjW_lAIUw0YlZ0m7RAiPOTTDlRzmV1ntm3YGvAN9h9_m027twqfGz5YsHsbh3RYW8", "token_type": "bearer", "expires_in": 1209599, "userName": "[email protected]", ".issued": "Sun, 16 Nov 2014 22:55:45 GMT", ".expires": "Sun, 30 Nov 2014 22:55:45 GMT" }
Upvotes: 0
Views: 913
Reputation: 477
Q1: As jpgrassi said, you can remove the user token or set it to undefined, since you stored it (in the example case: SessionService.token), on a "logout" event.
Q2: Considering you know how to set up Owin, you can change the AccessTokenExpireTimeSpan in the OAuthAuthorizationServerOptions.
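Example:
...
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
    // Lifetime of each issued access token; minutes is your own value, e.g. 60
    AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(minutes)
};
...
// Register the OAuth authorization server middleware with these options
app.UseOAuthAuthorizationServer(OAuthServerOptions);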
Upvotes: 1
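The client-side half of both questions, as an added example that is not part of the answer above or of the linked article: one object that stores the token with its deadline, clears it on logout, and acts as an AngularJS `$http` interceptor that ends the session on a local expiry or a server 401. The names `createAuth`, `session`, `goToLogin` and `reject` are hypothetical; `session` stands in for the `SessionService` mentioned in the answer.

```javascript
// Added example. Hypothetical names: createAuth, session, goToLogin, reject.
// session is a plain in-memory store like the answer's SessionService.
function createAuth(session, goToLogin, reject, now) {
  now = now || Date.now;

  function clear() {
    session.token = undefined;
    session.expiresAt = undefined;
  }

  function endSession() {
    clear();
    goToLogin();
  }

  return {
    // Call with the JSON body of a successful token response.
    store: function (tokenResponse) {
      session.token = tokenResponse.access_token;
      // expires_in is in seconds; keep an absolute deadline in ms.
      session.expiresAt = now() + tokenResponse.expires_in * 1000;
    },

    // Handler for the global Logout button.
    logout: endSession,

    // $http request interceptor: never send a token past its deadline.
    request: function (config) {
      if (!session.token) { return config; }
      if (now() >= session.expiresAt) {
        endSession();
        return config;
      }
      config.headers = config.headers || {};
      config.headers.Authorization = 'Bearer ' + session.token;
      return config;
    },

    // $http responseError interceptor: the server decides what is expired.
    responseError: function (rejection) {
      if (rejection.status === 401) { endSession(); }
      return reject(rejection);
    }
  };
}

// AngularJS wiring (assumed): in a factory, return
// createAuth(SessionService, function () { $location.path('/login'); }, $q.reject)
// and register that factory's name with $httpProvider.interceptors.push(...).
```

Clearing the token in the browser does not invalidate it on the server: a bearer token issued this way stays valid until its `.expires` time, so the `AccessTokenExpireTimeSpan` setting is what bounds the lifetime of a copied token.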