session - Implement sliding expiration on asp.net webapi2 + sts + angularjs application -


we have webapi2, thinktecture identityserver , angularjs applications hosted on iis. our plan set webapi2 application stateless. here flow:

  1. users open our angularjs application. if not logged in, redirected login page.
  2. users enter credentials, , click login. credentials sent sts server. if authenticated, jwt gets returned.
  3. angularjs saves jwt in localstorage
  4. to access resources on webapi, angularjs application attaches jwt on every request.
  5. before attaching jwt, checks jwt's expiration date. if hasn't expired, request sent api; else, redirected login page.

we want session be valid 30 minutes. , when user on application, token should slide expiration datetime. easiest solution enabling sessions webapi application, don't want that. also, don't want token before every webapi call.

could implement sliding sessions/tokens in scenario? if so, how?

sliding expirations possible using identity server 3.

you'll need using access , refresh tokens. see here javascript example client using refresh tokens , here more details on refresh tokens , sliding expirations.

by way, there reason why you're handling jwt manually, instead of storing claims in cookie?


Comments

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

php - How can I echo out this array? -