i implemented web api 2.x windows identity foundation oauth , owin middleware. problem expiration token fixed. have requirements user can stay active (sliding expiration) of 15 minutes.
i read there implementation of sliding expiration using cookie , sessionauthenticationmodule_sessionsecuritytokenreceived. appropriate approach web api? how cookies expiration work oauth/owin token expiration time?
there on other hand, refresh token. now, application not ipad app once logged in , stay in. it's more of web browser app. fact refresh token such long live worries me; along additional columns in implementing token refresh approach.
i confused why people take such different approaches. cookie approach more mvc instead of webapi? have angularjs app front end. implementation called two-legged server-client web api. authentication , application same server.
this closest found http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/
Comments
Post a Comment