I have implemented a simple-ember-auth on the front and oauth2-server on the back, using password and refresh_token grants. When the authorisation token is about to expire (this time is set on the server), simple-ember-auth issues a refresh token request, and gets a new authorisation token.
That's cool, however, I need to automatically invalidate the session after a certain inactivity time. Currently, OAuth2PasswordGrantAuthenticator seems to issue the token refresh request ad infinitum, it seems.
I would welcome any suggestions or thoughts how to implement this.
Aucun commentaire:
Enregistrer un commentaire