
Token-based auth #1975


eivanov created

Hi there!

I wrote a backend with an API based on ABP/ABPZero.

Next I want to develop a mobile application which can make some requests to the API. The mobile app will not have auth functionality, but I want to create one user in my backend for internal authorization in the mobile app. It's for security reasons: I don't want to open my API methods for public access, only for authorized users. And the mobile client should use this user to request API methods.

But api/Account/Authenticate returns different tokens on every request, and if I auth from one mobile phone and then auth from another, the first token becomes invalid. So I need to auth on every request... It's impossible, of course.

So, should I write my own Authenticate method, which will store the token and expiration time in the database and not generate a token on every auth request with the same credentials, but return the stored one from the database?


2 Answer(s)
  • eivanov created

    Sorry, I'm wrong.

    First token remains valid.

    Nevertheless, is it the right way?

  • ismcagdas created
    Support Team

    Hi,

    Nothing comes to my mind as a better solution. I think this is good to go :).