I have application that continuously running in background. The app uses UCWA REST api. After authentication I get OAuth token and some expiration time. Authentication docs say "The lifetime of a token is eight (8) hours for authenticated users. The client application should monitor the expiration time and refresh the token as required". So, when is it required to refresh token? What expiration time should I have in reserve when starting refreshing token? 1, 10 or 60 minutes? What are OAuth best practices?
When to refresh token?
1.3k Views Asked by Sergey Maksimenko At
1
There are 1 best solutions below
Related Questions in REST
- Spring RestTemplate passing the type of the response
- .net rest service with JSON string and consumed with java client
- SuiteCRM how to retrieve all account related contacts
- http status code for failed email send
- cloud foundry - 413 Request Entity Too Large
- Why does PHP add "\r\n" to an empty string?
- WCF Service not accepting multiple body parameters
- How to send Rest GET request that contains "#" value in url parameters?
- Phalcon PHP - RESTful API
- Object of class CS_REST_Wrapper_Result could not be converted to string in CAMPAIGN MONITOR
- purchase individual items and subscriptions in the same PayPal REST API transaction
- Empty Response Received on Android POST Request
- angular load more tweets onclick
- Async vs Horizontal scaling
- Responding to an Office 365 event invite via REST
Related Questions in AUTHENTICATION
- Access roles from multiple applications
- Different storyboard's entry points depending on a parameter
- SoundCloud Authentication Consistently Returns 401 invalid_grant For Some Users
- sendxmpp not authorized failure (Error AuthSend)
- Retrieve user information from Active Directory on login
- Log in through active directory
- Ember.js REST Auth Headers
- Validate Deezer access token on server
- Why does IIS Anonymous Authentication turn on by itself after I publish my project to server?
- Laravel - session data survives log-out/log-in, even for different users
- How can I share Azure Active Directory authentication between server side and client script?
- django rest framework - token authentication logout
- NameValuePair, HttpParams, HttpConnection Params deprecated on server request class for login app
- How to delete user from _User through Parse REST API
- Cannot login with new SQL User - SQL 2014
Related Questions in OAUTH
- Using html5 localstorage instead of cookies with passport.js
- OAuth integration with QuickBooks using Scribe
- OAuth with Developer tokens
- Oauth in Tyrus WebSocket
- Accessing Picasa Web API using PHP
- how can I access user details through "oauth_token" from twitter api in ionic framework
- Is my JWT refresh plan secure?
- When to refresh token?
- SignalR oAuth on self host
- Bearer token in MVC controller to access Web API
- OAuthorization through app or web api
- Authenticating mobile app login using webservice using oauth connection
- Testing local rails application with OAuth
- Configure the authorization server endpoint
- Azure Active Directory Login: Web App Permissions, User Consent not triggered
Related Questions in LYNC
- UCWA: integrating advanced chat options
- When to refresh token?
- Added SIP-headers in MSPL application missing/being removed in Lync 2013
- Use Current Lync Session with UCWA
- Correct workflow for presence subcription for day/night
- Is UCMA 4.0 SDK free especially since it has Lync Server 2013 in the installation packages?
- Understanding PowerShell cmdlet for adding a trusted UCMA 4.0 application and a trusted UCMA 4.0 application endpoint
- Lync 2013 UCMA WCF Web Service
- Lync 2013 - consuming 180 ringing responses from a forked request
- Silent Uninstall lync 2013 client
- Microsoft Lync crashes on double clicking any user from the contacts list
- Custom Command Passing Converstation Text
- Lync CWE Automation server can't create object
- Set meeting with Skype for business (lync) using rest api
- Can we use Lync/Skype SDK in Eclipse IDE
Related Questions in UCWA
- UCWA: integrating advanced chat options
- When to refresh token?
- Use Current Lync Session with UCWA
- Lync / Skype 4 Business Bot
- Correct workflow for presence subcription for day/night
- Accessing Skype for Business API (UCWA) : HTTP 403 / Forbidden
- Trusted Application API : Presence
- Re-using UCWA app after page reload
- Does UCWA support for the chat room using REST
- Obtaining token from token service
- Outofbox SharePoint Presence Control to use UCWA Lync API
- Microsoft Teams User presence application not working
- how to access UCWA API in android code?
- Can we do screen sharing using UCWA API (Lync) and Voice call?
- How to send toast message from SFB web SDK to UCMA Bot
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The response from ticket service will provide the user with the OAuth token, type of token, and an expiration value. This value is measured in seconds which means you can divide out minutes (60) or hours (3600) to get a value that you can expect requests to start failing with 401 Unauthorized. Monitoring is most useful when the application is using anonymous meeting join because the token expiration is much shorter, ~1 hour, and it is the only authentication mechanism to directly offer renewing a token.
This leads to two potential approaches:
It is better to wait for the 401 to come before taking action to refresh the token in a non-anonymous meeting join scenario.