I have application that continuously running in background. The app uses UCWA REST api. After authentication I get OAuth token and some expiration time. Authentication docs say "The lifetime of a token is eight (8) hours for authenticated users. The client application should monitor the expiration time and refresh the token as required". So, when is it required to refresh token? What expiration time should I have in reserve when starting refreshing token? 1, 10 or 60 minutes? What are OAuth best practices?
When to refresh token?
1.3k Views Asked by Sergey Maksimenko At
1
There are 1 best solutions below
Related Questions in REST
- Query parameter works fine with fastapi application when tested locally but not working when the FastAPI application is deployed on AWS lambda
- Add an http GET/POST entry point to a Django with channels websocket
- Difficulty creating a data pipeline with Fabric Datafactory using REST
- Flutter connection to a local api
- Accessing REST API Status Codes using Azure Data Factory Copy Activity (or similar)?
- Mass Resource deletion in REST
- why when I check endpoint /tasks, an error always appears "error : invalid token" even though I have entered the appropriate token that I got
- How to prevent users from creating custom client apps?
- How to create a REST API with .NET Framework?
- Efficiently Handling Large Number of API Calls with Delphi 10.4 and OmniThreadLibrary
- Put Request throwing 401 [no body] Unauthorized
- Converting img src data to octet-stream
- Implementing Email Verification and Notification System in a Full-Stack Application with React Frontend and Node Backend
- Micronaut - Add Controller from external library
- Moving Template or OVA to Datastore using vCenter API
Related Questions in AUTHENTICATION
- Authenticate Flask rest API
- Sends a personalised error message from the back-end to the front-end with Nuxt-auth
- How to connect Spotify PKCE Authorization Boilerplate to Login-Button in React
- Laravel SPA auth with Sanctum
- _supabaseClient__WEBPACK_IMPORTED_MODULE_1__.supabase.auth.signIn is not a function
- My openID Authentication return 'You must have either https wrappers or curl enabled.'
- How to detect the Minimization of Custom Chrome Tabs on Android?
- Wordpress redirect to homepage after successfully logged in
- How to modify the prebuilt UI of authentication in aws amplify version 6 in React Native
- Creating a login system for my website, navlist not working?
- Receiving 400 bad request on post when customer auth handler is used
- Creating Azure B2B login system with Vue.js frontend & Python Django backend
- Gradio chatbot: how to export individual conversation histories?
- Set-Cookie header not forwarded by nginx to the client
- git asking for authentication when auth.json is present while running composer update
Related Questions in OAUTH
- Lambda endpoint for the Google OAuth callback does not recieve the access_token
- Miro oauth api throws error 401 Invalid authorization code
- Error from Identity Provider - OIDC Scope Error
- get refresh token in axios interceptor
- How would single sign-on work for my multi-tenant application?
- How to get OAuth2 Access token from Postman
- How to use Oauth in order to log‑in on .googleapis.com on almost any arbitrary endpoints domains from the web browser?
- How to fix common 500 internal server error when use POST method on NEXTJS
- How to use a different account for OAuth with dbt-core and profiles.yml?
- ASP.NET Core Google external login issue
- Implementing IDP Initiated Flow Using OIDC
- Migration of UseOAuthAuthorizationServer from .Net Framework to .Net8
- Django Allauth Bad Request Error, Error Retrieving Access Token: Invalid Grant
- angular oauth 2 oidc doesn't work with github idp
- Handling oauth in flutter app without browser
Related Questions in LYNC
- Lync 2013 Client SDK - unable to turn off only my video
- C# Application Lync Function migrated to MS teams
- UCWA - getting all meetings not just ones you scheduled
- Migration from Skype for Business on premises to Teams
- Is there any code # cmd powershell to change Lync call forwarding setting to new number?
- Is there a way to connect to New-CsOnlineSession using an oauth token?
- Easiest way to get skype user presence using dotnetcore?
- Open user in skype-for-business(Lync)
- Batch Delete Folders That start a specific way
- Skype for Business 2019 and MSPL + managed code not working
- Is there any document that maps the status codes returned in Client.StateChanged Event with their intended purpose?
- Is Lync CWE is compatible with Skype for Business
- How to dock Skype4Business main window to parent application
- Can microsoft team app be used in UI suppression mode as Skype for business?
- UCMA 5.0 - File sharing doesn't work if conference is created by an UCMA application
Related Questions in UCWA
- Skype For Business Server 2019 - Better way to Integrate the Chat Bots with server 2019
- UCWA - getting all meetings not just ones you scheduled
- UCWA: error when sending multiple messages
- Making API calls to Skype for Business / Lync without registering application
- Skype for buinsess online integration Chat Sysytem
- Easiest way to get skype user presence using dotnetcore?
- Getting User Presence using UCMA?
- Skype For Business - Receive IM not working with the below steps
- Spring Rest Template - Post Request String Body to azure gives 500 error
- Azure Active Directory - Setting Token Expiry in java
- "Authority URI should have atleast one segment in the path (i.e.https://<host>/<path>/)"...; When Using UCWA2.0 In C#
- Issue on sending an IM with UCWA (Skype for Business)
- How can I properly send a batch request using UCWA 2.0?
- How to login of my skype business account using python?
- Skype For Business Online Authentication Error - 403 Permission Denied
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The response from ticket service will provide the user with the OAuth token, type of token, and an expiration value. This value is measured in seconds which means you can divide out minutes (60) or hours (3600) to get a value that you can expect requests to start failing with 401 Unauthorized. Monitoring is most useful when the application is using anonymous meeting join because the token expiration is much shorter, ~1 hour, and it is the only authentication mechanism to directly offer renewing a token.
This leads to two potential approaches:
It is better to wait for the 401 to come before taking action to refresh the token in a non-anonymous meeting join scenario.