Click here to Skip to main content
15,880,725 members
Search within:


Regarding oAuth Token used in web api
Please Sign up or sign in to vote.
0.00/5 (No votes)
Quote:
Hi, I am using OAuth/Owin to generate a token and when that token is sent back in the Authorization header of the request; it gets compared automatically and that's how I validate whether the request is coming from valid user or not.Token is of bearer type.

Code that is used to generate token is as below:


C#
private string GenerateAuthToken(TelephonyLoginCdto loginDto, double tokenExpirationTimeInHours)
        {
            //Generate AuthToken
            var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, loginDto.Username));
            var currentUtc = DateTime.UtcNow;
            var props = new AuthenticationProperties()
            {
                IssuedUtc = currentUtc,
                ExpiresUtc = currentUtc.Add(TimeSpan.FromHours(tokenExpirationTimeInHours))
            };
            var ticket = new AuthenticationTicket(identity, props);
            var accessToken = StartUp.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
            return accessToken;
        }


Quote:
An external system would consume my API. Flow would be: 1. External system hits login api first. Login api returns a token. 2. External system use that token and pass it in another request Authorization header to do some update using another method of the API.

They can repeat the above process many times in a day say 5~6 times.They come and hit login; get token. Use that token to do some operation by calling save/get methods of API.

My problem is when external system is not hitting any of my API methods for a longer period of time and is idle. Now if external system has to hit the API to do something they need to hit login API again in order to get the token and then consume other methods of API. If they do it more frequently say within 10~15 minutes it take only 1~2 seconds to return the token but if they do it say after 2~2.5 hours my login API taken 30 seconds to return the token.

I am not doing any refresh token mechanism and kind of thinking is it taking this much of time because so many token are already generated and owin is trying to clean the server and then given token. I am not sure what is the problem. Can someone help?
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Trying to do linkedin authorization code flow (3-legged oauth) but I keep getting this error 'unable to retrieve access token
How to capture the generated Access token before it is sent in the response Using Oauth in Web api
Restrict the uses of oauth security token generated with ASP.NET WEB API 2.0 to one user device only
Web Api using oauth 2.0
Issue with implementing oauth authentication in ASP.NET core
Oauth confusion about token generation
Generate one token per user in oauth bearer-token
How to generate oauth 2.0 access token of azure API in jquery AJAX method
Logical issue with oauth 2.0 implementation in react app - redirect after successful login not working
How do I resolve error invalid_scope for uberats api token access

Advertise
Privacy
Cookies
Terms of Use
Last Updated 15 Apr 2015
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900