Web API OWIN OAuth 2.0 sliding expiration
I'm using the OAuth 2.0 OWIN security implementation (Bearer token) in my Web API project. Is there any possibility to override the default behavior and make the token's expiration sliding, and how can I log out from that kind of authentication?
If you follow the Web API template for ASP.NET and OWIN using OAuth and make a call to the AccountController logout function, passing in your Bearer token, you will be logged out and the bearer token will cease to be active.
For OAuth, you are expected to refresh the token before it expires or after it expires, or have the user re-authenticate to acquire a new token entirely after expiration. Inherently, the expiration of the token is fixed, but by implementing periodic refresh you end up with the same end result. The expiration slides with each refresh. This can all be configured in your OAuthAuthorizationServerOptions, which is passed to your OWIN application context in Startup.Auth.
Hope this helps.
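An added example, not part of the original answer: one way to get the refresh-based sliding expiration described above, using a short-lived access token plus a one-time-use refresh token provider. The class name, the 15-minute and 8-hour lifetimes, the `/Token` path, the `Revoke` helper and the in-memory store are assumptions for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;

// In-memory store for illustration only; production needs a persistent store.
public class SlidingRefreshTokenProvider : AuthenticationTokenProvider
{
    private static readonly TimeSpan IdleWindow = TimeSpan.FromHours(8); // assumed value
    private static readonly ConcurrentDictionary<string, AuthenticationTicket> Store =
        new ConcurrentDictionary<string, AuthenticationTicket>();

    // Called each time the token endpoint issues an access token.
    public override void Create(AuthenticationTokenCreateContext context)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var handle = BitConverter.ToString(bytes).Replace("-", "");
        var now = DateTimeOffset.UtcNow;
        // Copy the properties so the access token's own expiry is left untouched.
        var props = new AuthenticationProperties(
            new Dictionary<string, string>(context.Ticket.Properties.Dictionary))
        { IssuedUtc = now, ExpiresUtc = now.Add(IdleWindow) }; // window restarts here
        Store[handle] = new AuthenticationTicket(context.Ticket.Identity, props);
        context.SetToken(handle);
    }

    // Called for grant_type=refresh_token. One-time use: Create() issues the replacement.
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        AuthenticationTicket ticket;
        if (Store.TryRemove(context.Token, out ticket)
            && ticket.Properties.ExpiresUtc > DateTimeOffset.UtcNow)
            context.SetTicket(ticket);
    }
    // Hypothetical logout helper: without the handle the session cannot be extended.
    // Issued access tokens are self-contained, hence the short lifetime below.
    public static bool Revoke(string handle)
    { AuthenticationTicket t; return Store.TryRemove(handle, out t); }

    // Options to hand to app.UseOAuthBearerTokens(...) in Startup.Auth.
    public static OAuthAuthorizationServerOptions Options(IOAuthAuthorizationServerProvider provider)
    {
        return new OAuthAuthorizationServerOptions {
            TokenEndpointPath = new PathString("/Token"), Provider = provider,
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(15),
            RefreshTokenProvider = new SlidingRefreshTokenProvider() };
    }
}
```

The `provider` argument is the application's own `OAuthAuthorizationServerProvider` subclass, which still has to validate the client and the user's credentials.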