-2

I am developing an app which is connected to a server through a .NET API.

When a user logs in, it generates an access token which is used to make network calls.

Requirement: 20 mins after the generation of that access token, the token expires and the user has to log in again to continue using the app.

How can I achieve this feature, so that after 20 min the user gets logged out of the app and redirected to the home page?

What if the user is still using the app 20 min after login? How do I save the access token in the app and remove it once the user logs out?

I have seen a couple of answers in Objective-C, but I want the answer in Swift.

Saranjith
Fazeela Iqbal
  • You are asking too many questions in a single post. 1. How to log out a user after 20 mins of app usage? 2. How to logout a user of 5 mins of app in background? 3. Where to store/remove the access token? 4. How to translate obj-c code to swift? – Shamas S Feb 20 '20 at 05:46
  • Limit it to 1 question per post. – Shamas S Feb 20 '20 at 05:46
  • One simple answer would be to manage the token from server. Always check if the token expires or not before performing next step. And store your token in userDefaults. – iOS Developer Feb 20 '20 at 05:49
  • I have edited my answer to get more specific about my main concern right now – Fazeela Iqbal Feb 20 '20 at 05:53
  • @SidharthKhanna how can I check if the token expires in my app? – Fazeela Iqbal Feb 20 '20 at 06:00
  • You can use the below given example or you can maintain this on server end like check, if the last generated token for the user is older than the 20 min then send something like "Session expired" etc and then logout. – iOS Developer Feb 20 '20 at 06:43

2 Answers

0

Save your access token to the keychain, and timestamp it.

Write a function which gets you the API token from the keychain. Each time this function accesses the access token, it should check its timestamp; if it is older than 20 mins, it should return nil, and then you should take the user to the home screen.

Shamas S
  • But if a user is on a screen and no network call is taking place, how would I know that 20 min has passed? I have to log the user out automatically once 20 min have passed. That is the requirement. Can I set something like a timer to know that 20 min has passed? – Fazeela Iqbal Feb 20 '20 at 09:17
  • @FazeelaIqbal, sure. You would still need to keep the timestamp. When the app stays in the background for too long, the timers will get cancelled. So when you come back to the foreground, if time has elapsed, you need to discard the access token. – Shamas S Feb 20 '20 at 12:01
0

Welcome to Stack Overflow

Short Answer

Create a timer in the app delegate to track the token expiry, and reset the timer when needed.

Long Answer TLDR;

To implement the feature as you have explained, we need to:

  • Keep track of access token expiry in the app delegate only.
  • Start a timer for 20 mins from the AppDelegate when the user logs in.
  • Before making any API calls, access the token from the app delegate (internally you can save it with any secure method, for example Keychain).
  • While accessing the token from the app delegate, check if the timer has expired. If so, present your login screen in the window.
  • If not present then make API Call and let the user do the tasks.

Advantage of this method

If you are sure that the access token will expire in 20 mins, then we can log the user out of the app without making any API calls.

Saranjith
  • Thanks for the answer. So if I set the timer, will it keep track of time even if the app is running in the background? Sorry for my silly questions. I am new to iOS development and do not know much – Fazeela Iqbal Feb 20 '20 at 12:04
  • If your app is in the background it will be available in memory for some time; after that your timer will be deallocated. If the user closes the app from the app switcher, the timer deallocates that moment itself. To handle this scenario, save a Date object with the time at which you took the access token from the server, and check the value on next launch – Saranjith Feb 20 '20 at 12:08
  • No, you should not depend on a timer. Instead save the date and time with the token and then compare the current date and time with the saved one – iOS Developer Feb 20 '20 at 12:09
  • @SidharthKhanna If we need it in real time, we need to use a timer, so that automatically after 20 mins the user goes off to the login screen – Saranjith Feb 20 '20 at 12:12
  • The API generates a 401 Unauthorized error if I try to make network calls with the expired token. Can I use only this error to log out the user? Is it a good approach? – Fazeela Iqbal Feb 20 '20 at 12:14
  • Yes, only if the app is in foreground but timer will not work in background. So you need to save date and time for that and check this in applicationWillEnterForeground – iOS Developer Feb 20 '20 at 12:14
  • Yes, you can do that. That's what I explained in the comments above on your post. Check the last comment on your original post – iOS Developer Feb 20 '20 at 12:15
  • Timer won't work properly when application goes into background mode. So better to go with saved date and current date comparison. – Ashvini Aug 26 '21 at 04:27
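
The two answers and their comments combine into one pattern: the timestamped Keychain read from the first answer, the 20-minute timer from the second, and the saved-date check on returning to the foreground. The Swift sketch below is an added example, not code from any poster; `TokenStore`, `onExpired` and the service/account strings are assumed names.

```swift
import Foundation
import Security

// Added example; TokenStore and the service/account strings are assumed names.
final class TokenStore {
    static let shared = TokenStore()
    static let lifetime: TimeInterval = 20 * 60   // 20 min, from the question
    var onExpired: (() -> Void)?                  // e.g. present the login screen
    private struct Entry: Codable { let token: String; let issuedAt: Date }
    private var timer: Timer?
    private let item: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.app.session", kSecAttrAccount as String: "access-token"]

    /// Store token and issue time in one Keychain item, then arm the timer.
    func save(_ token: String, issuedAt: Date = Date()) throws {
        var add = item
        add[kSecValueData as String] = try JSONEncoder().encode(Entry(token: token, issuedAt: issuedAt))
        add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        SecItemDelete(item as CFDictionary)       // replace any previous session
        let status = SecItemAdd(add as CFDictionary, nil)
        guard status == errSecSuccess else { throw NSError(domain: NSOSStatusErrorDomain, code: Int(status)) }
        resume()
    }
    /// The stored entry, or nil (after wiping it) if missing or older than `lifetime`.
    private func load(now: Date = Date()) -> Entry? {
        var query = item
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var out: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &out) == errSecSuccess,
              let data = out as? Data,
              let entry = try? JSONDecoder().decode(Entry.self, from: data),
              // A negative age means the clock moved backwards: treat as expired.
              (0..<TokenStore.lifetime).contains(now.timeIntervalSince(entry.issuedAt))
        else { clear(); return nil }
        return entry
    }
    /// Call before every API request; nil means send the user to login.
    func validToken() -> String? { load()?.token }

    /// Call on the main thread at launch and in applicationWillEnterForeground.
    func resume() {
        timer?.invalidate()
        guard let entry = load() else { onExpired?(); return }
        let left = entry.issuedAt.addingTimeInterval(TokenStore.lifetime).timeIntervalSinceNow
        timer = Timer.scheduledTimer(withTimeInterval: max(0, left), repeats: false) { [weak self] _ in
            self?.clear(); self?.onExpired?()
        }
    }
    /// Also call on manual logout and when the API answers 401.
    func clear() { timer?.invalidate(); timer = nil; SecItemDelete(item as CFDictionary) }
}
```

The timer only covers the case where the app stays in the foreground; `resume()` recomputes the remaining time from the stored date, so a suspended or relaunched app is handled by the timestamp. The device clock can be changed by the user, so the server's 401 response remains the authority on whether the token is still valid.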