When do you renew your OAuth token?

M

Maxim Tarabrin2017-11-20 12:14:49

API

Maxim Tarabrin, 2017-11-20 12:14:49

I work with OAuth in a project. On the Django backend, on the Angular 4 SPA frontend. How and when do you refresh the token in your application? When the user logs in, he is given an object with everything he needs:

{
  "access_token": "gl4Ja6NWZOAZBphW2Hnfp79WV65eKv",
  "expires_in": 36000,
  "token_type": "Bearer",
  "scope": "read write groups",
  "refresh_token": "g9LnktosHBnA1HfVHBjrshlefMoXW2"
}

There is only one thought in my head, during authorization, put the token expiration date somewhere in a public variable and somewhere in the constructors check for this variable. If date > dates in a variable, then we update. What do you suggest, gentlemen developers?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Anton, 2017-11-20
@karminski

With each request from the front to the back, the back must check the token. If the token is invalid or expired, the backend issues a new token. It is not necessary to store the lifetime of the token on the front. The front, in fact, should know nothing but the address of the back.

A

Abdulla Mursalov, 2017-11-20
@amaprograma

You can update the token in case of an unsuccessful request. You can also bring the token expiration time to an absolute value, store it in localstorage, auth serivce will create a TimerObservable that will request a token refresh when the time expires.