[Java][Mobile Apps] Auth Token Expiry, Android and Node.js

  • Question

  • I am using the new Android SDK's native login method. The auth token I receive only lasts a few hours. How can I extend the life of my auth token? For example, with Facebook login, I even added an extra API call to receive (what Facebook calls) a long-lived token, and then I use that same Facebook token to log in using the Azure Android mobile app SDK. This does log me in, but I realise that after a day I receive 401s again.


    Friday, January 29, 2016 11:08 AM

All replies

  • Can you share some code snippets that show what you're doing to acquire your tokens?
    Friday, January 29, 2016 5:37 PM
  • Yes. Firstly, I make a call to my own custom API, which just does a call to facebook.com and gets the long-lived token. With this token I do:

    JsonObject jsonObject = new JsonObject();
    jsonObject.addProperty("access_token",authToken);
    
    ListenableFuture<MobileServiceUser> mLogin = mClient.login(provider,jsonObject);

    The result of this login will provide me with another token which I store in shared preferences (the one that I assume is expiring). Whenever I need to use my MobileServiceClient object, I check my shared preferences for a valid token, and then set it like so.

    SharedPreferences prefs = context.getSharedPreferences(getUserStorage().SHAREDPREFFILE, Context.MODE_PRIVATE);
    String userId = prefs.getString(getUserStorage().USERIDPREF, "undefined");
    String token = prefs.getString(getUserStorage().TOKENPREF, "undefined");
    if (!userId.equals("undefined") && !token.equals("undefined")) {
        MobileServiceUser user = new MobileServiceUser(userId);
        user.setAuthenticationToken(token);
        if (serviceClient != null) {
            serviceClient.setCurrentUser(user);
        }
    }


    • Edited by Cellas123 Saturday, January 30, 2016 9:21 AM
    Saturday, January 30, 2016 9:20 AM
  • Hi,

    The HTTP code 401 means the auth token has expired or been revoked. You then need to be able to detect an expired token and refresh it by using a ServiceFilter from the Android Client Library.

    For reference, please see the section "Refresh the token cache" of the doc "Add authentication to your Mobile Services Android app (JavaScript backend)".

    Best Regards.

    Monday, February 1, 2016 6:56 AM
    Moderator
  • To clarify further, when you receive the 401, you should obtain a new copy of authToken from the Facebook SDK for Android and send that to the server in the same way you have detailed above.

    The Facebook SDK should handle the refresh action and only present UX to the user after a long period.

    Monday, February 1, 2016 4:37 PM
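
The flow described in the two replies above (detect the 401, take a current token from the provider SDK, log in again the same way, retry), as an added example that is not code from this thread or from the Azure SDK. The three function parameters are hypothetical stand-ins for the HTTP call, the Facebook SDK token lookup and `mClient.login`; the backend in `main` is constructed.

```java
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.function.Supplier;

/** Retry-once-on-401 wrapper. All names are hypothetical, not Azure SDK types. */
public class ReauthOn401 {
    /** Minimal stand-in for an HTTP response; only the status code matters here. */
    static final class Response {
        final int status;
        Response(int status) { this.status = status; }
    }

    private final Function<String, Response> send;   // sends a request with the given app token
    private final Supplier<String> providerToken;    // current access token from the provider SDK
    private final Function<String, String> login;    // exchanges provider token for an app token
    private final AtomicReference<String> cached = new AtomicReference<>();
    int logins = 0;                                   // counts re-logins, for inspection only

    ReauthOn401(Function<String, Response> send, Supplier<String> providerToken,
                Function<String, String> login, String storedToken) {
        this.send = send;
        this.providerToken = providerToken;
        this.login = login;
        cached.set(storedToken);                      // token restored from local storage, may be stale
    }

    /** Sends once; on 401 logs in again and retries exactly once, so a revoked login cannot loop. */
    synchronized Response call() {
        String token = cached.get();
        Response first = (token == null) ? new Response(401) : send.apply(token);
        if (first.status != 401) return first;
        String fresh = login.apply(providerToken.get()); // same login step as in the post above
        logins++;
        cached.set(fresh);                               // keep it so later calls skip the login
        return send.apply(fresh);                        // a second 401 goes back to the caller
    }

    public static void main(String[] args) {
        // Constructed fake backend: accepts only "app-2"; "app-1" plays the expired token.
        Function<String, Response> backend =
            t -> new Response(t.equals("app-2") ? 200 : 401);
        ReauthOn401 client = new ReauthOn401(backend, () -> "fb-token", fb -> "app-2", "app-1");
        System.out.println(client.call().status + " after " + client.logins + " login(s)");
        System.out.println(client.call().status + " after " + client.logins + " login(s)");
    }
}
```

Returning the second 401 instead of retrying again is what lets the app fall back to the interactive login screen when the provider token itself has been revoked.
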
  • Hi guys. I have already implemented refresh of my token. I just feel that it's terrible to have to refresh my token every few hours. Is there no way I can set my token expiry time almost like this?

    I am just not sure how to take the Node.js examples and apply them to my Facebook login.

    Wednesday, February 3, 2016 11:22 AM
  • As a side note: if I can find the source code that triggers when calling, for example, https://thisisjustanexample.azurewebsites.net/.auth/login/facebook, then I would be able to see what Azure does with my Facebook token, and I would be able to alter the token logic. Anyone know where I can find the source code?
    Wednesday, February 3, 2016 1:34 PM
  • Unfortunately that source code is not public at this time. The good news is that we're fixing the issue on our end so that your Auth token will last several days instead of one hour. The fix will hopefully make it into production in 2-3 weeks and won't require you to change or redeploy your application. This is definitely a bug in our Auth platform and I apologize for the inconvenience it's causing you. Also, I should mention that it's not necessary for you to provide us with the long-lived Facebook token. Our backend will exchange the short-term token for a long-lived Facebook token automatically.
    • Marked as answer by Cellas123 Wednesday, February 3, 2016 2:30 PM
    Wednesday, February 3, 2016 2:26 PM