session - Implement sliding expiration on asp.net webapi2 + sts + angularjs application -
we have webapi2, thinktecture identityserver , angularjs applications hosted on iis. our plan set webapi2 application stateless. here flow:
- users open our angularjs application. if not logged in, redirected login page.
- users enter credentials, , click login. credentials sent sts server. if authenticated, jwt gets returned.
- angularjs saves jwt in localstorage
- to access resources on webapi, angularjs application attaches jwt on every request.
- before attaching jwt, checks jwt's expiration date. if hasn't expired, request sent api; else, redirected login page.
we want session be valid 30 minutes. , when user on application, token should slide expiration datetime. easiest solution enabling sessions webapi application, don't want that. also, don't want token before every webapi call.
could implement sliding sessions/tokens in scenario? if so, how?
sliding expirations possible using identity server 3.
you'll need using access , refresh tokens. see here javascript example client using refresh tokens , here more details on refresh tokens , sliding expirations.
by way, there reason why you're handling jwt manually, instead of storing claims in cookie?
Comments
Post a Comment