I'm implementing one tap sign in like described here and everything is basically fine(I can get a token, verify it on backend and so on) but I have got one question. Do I need to store this token locally and send it to backend for every call which requires authentication? And if so how do I refresh it when it expires(because it has exp field and it's basically around hour long)? What is the standard approach to this? If I don't need to store and send it every time then what should I do instead? Thanks in advance, I'm new to auth/security related things so sorry for stupid question in advance.
Asked
Active
Viewed 417 times
3
grebulon
- 7,697
- 5
- 42
- 66
s0nicYouth
- 470
- 3
- 15
-
Similar question at: https://stackoverflow.com/questions/71064941/android-google-one-tap-refresh-token, no answer yet – grebulon Apr 13 '22 at 11:41