Handle token authentication on the client side

android authentication single-page-application jwt

Given an API which uses token authentication (e.g., JWT), how would a client store and cache the token? To remedy the effect of stolen tokens, tokens usually expire after a certain amount of time. However, almost all applications require only to login once. How do they realize authentication? Do their tokens have no validity period or do the apps automatically apply for a new token?


Solution 1:

You can store your token in an Account Manager on Android. Regarding token validity all apps have this tokens expire from within hours to days depending on how fast you want to change them.

There is no specific way to handle expired tokens you will have to write your own custom logic for this. Generally what a lot of apps follow is if the user's token has expired they use an api that takes the old token and if the token is not a very old like if it expired within 1 - 2 days they give back a new token but if in any case the token is historic they will logout the user and ask him to again login by providing password and username via your basic OAuth mechanism.

Related

How to use list comprehension on a column with array in pyspark?
How can I calculate the median in a gamma distribution?
io.netty.channel.ConnectTimoutException when connecting to Mineplex
How to repair a malfunctioning button on a PS3 Dualshock controller?
Where is the Decaying Crypt?
Where can I EV train with Hordes in ORAS?
How do Vanguards handle Silver and Gold Multiplayer matches?
Under what conditions does loot despawn?
Is there a place to get/view pro replays on Starcraft 2? [closed]
Which Pokemon games do I need to have in order to 'Catch them All'? [closed]
How do I find the market value of items in World of Warcraft?
Looking for more detailed explanation concerning SMB flagpole glitch