The access token issued by Backend Services is a user token with a relatively long lifetime ("long lived token"). However, it may expire prematurely if some of the events described in the documentation occur.
The expiration time cannot be set programmatically. Unfortunately, the expiration date is also not returned by the server with the Access Token object.
Currently, we do not have any logic for refreshing access tokens. The developers are advised to verify the token using the currentUser() method, or as in the case of the .NET SDK - GetMe() method.
After that, there are several scenarios that must be handled in the client app:
- When the user is authenticated (e.g. the access token is valid) the returned object will contain all user information for the current user.
- When there is no token sent with the request the result will have a value of null.
- When the passed token is not valid or the user is logged out an error result will be returned that contains the following message and error code:
"Invalid access token."
: 301 }
- When the user entity has been deleted an error result will be returned that contains the following message and error code:
: 601 }
Please, let us know if further questions arise.
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.