1

I am developing mobile apps with Ionic2 for frontend, django rest framework for backend and django oauth2 toolkit for authentication. While the mobile app user submit the email and password server returns the client_id, access_token and refresh_token and save them in local storage of mobile phone. Whenever mobile app user open the app, it request with access token and client id so that they can automatically login the user. And if this procedure fails, it request again with refresh token to get new access token.

My question is that the way I am doing is right for mobile users to not have to login anymore after first time? and also even the mobile app user open the app after long time like for example 1 year, could it be still possible that mobile app user can be logged in without logging in again?

I just want to be sure if there is any limit time of refresh token or some possibilities.. Thanks in advance guys!

nextdoordoc
  • 1,727
  • 6
  • 20
  • 30

1 Answers1

0

If you think that you mobile can access after a year, then you are wrong. Even you can't access it after a certain period of time. And this period should be given by you that, how much time you want to make your token live.

And it's really weird solution to make token for life time.

I think this may help you --

OAuth2 and Google API: Access token expiration time?

Why do access tokens expire?

Community
  • 1
  • 1
Mohammad Ashraful Islam
  • 1,879
  • 15
  • 29