Where and how to save the API authentication token?

5

Hello, I have an Angular application that will consume an API. For that to happen, I must send a POST to another API, which serves only to generate a token that I will pass on all other requests. My question is this: after I generate this token, where should I save it? The first thing that comes to mind is to save it directly in the database, but that does not appear to be recommended. What is usually done in this situation?

1 answer

3


It depends on the token's TTL (time-to-live, or lifespan).

  • If the token is short-lived: Keep it in memory (or cache) only.
  • If the token is long-lasting: Store it in the database, associated with the user (or process) who obtained it.

Remember that most services that work with authorization via token can return a 401 Unauthorized at any time, and the re-authentication process for any TTL is usually the same.

  • In this case, it is short-lived (15 min), and the server is IIS. Could you tell me how I would store this token in memory in an Angular application?

  • @Guilhermenes if it’s a token per session, create a service to store and share the value between the modules of your Angular application. If it’s per user and your model allows a user to use two or more devices, you will need to share the token with your backend.
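
The in-memory approach suggested in the answer and comments above, as an added example that is not part of the original thread: a holder that keeps a short-lived token only in memory, renews it shortly before expiry, and re-authenticates once when a request comes back 401. The names `TokenStore`, `callWithToken`, `IssuedToken` and the injected `requestToken`/`send` functions are assumptions; it is plain TypeScript so it runs without Angular.

```typescript
// Hypothetical shape of the token endpoint's reply (not from the original post).
interface IssuedToken { value: string; ttlSeconds: number; }
type Reply = { status: number };
// In Angular this would carry @Injectable({ providedIn: 'root' }); the decorator
// is left out so the file runs without the framework.
class TokenStore {
  private token: string | null = null; // held in memory only, never persisted
  private expiresAt = 0;               // epoch milliseconds
  private pending: Promise<string> | null = null;
  private requestToken: () => Promise<IssuedToken>;
  private now: () => number;
  private skewMs: number;
  constructor(requestToken: () => Promise<IssuedToken>,
              now: () => number = () => Date.now(), skewMs = 30000) {
    this.requestToken = requestToken;
    this.now = now;
    this.skewMs = skewMs; // renew a little before the real expiry
  }
  // Cached token while valid; otherwise one shared POST to the token API.
  getToken(): Promise<string> {
    if (this.token !== null && this.now() < this.expiresAt - this.skewMs) {
      return Promise.resolve(this.token);
    }
    if (this.pending === null) {
      this.pending = this.requestToken().then(
        (t) => {
          this.pending = null;
          this.token = t.value;
          this.expiresAt = this.now() + t.ttlSeconds * 1000;
          return t.value;
        },
        (err) => { this.pending = null; throw err; },
      );
    }
    return this.pending;
  }

  // On a 401, forget the token so the next call re-authenticates.
  invalidate(): void { this.token = null; this.expiresAt = 0; }
}

// Sends a request with the token and retries once if the API answers 401.
async function callWithToken(store: TokenStore,
    send: (token: string) => Promise<Reply>): Promise<Reply> {
  const first = await send(await store.getToken());
  if (first.status !== 401) return first;
  store.invalidate();
  return send(await store.getToken());
}
```

In an Angular application, `requestToken` would wrap the POST to the token API and `callWithToken` would typically live in an HTTP interceptor.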
