I have written logic in startup.cs to expire the token in every 10 minutes. but I worry when multiple users invoke the API different token will be generated for different users, then how the state & token validity is maintained for different users? For example,
- user1 get the token at 05:15 PM and this should expire at 05:25 PM - request after 5:25 should be rejected from user1
- user2 get the token at 05:20 PM and this should expire at 05:30 PM - request after 5:30 should be rejected from user2
That means after 5:25 user1's operation should be revoked and user2 can use the token which is assigned to him and can do the operation till 5:30. How this is maintained and where it is managed?
public void ConfigureAuth(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
var OAuthOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/tokenPath"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(10),
Provider = new OauthProvider()
};
app.UseOAuthBearerTokens(OAuthOptions);
app.UseOAuthAuthorizationServer(OAuthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
}
