Mobilefirst 8 extend login timeout by acquiring resource / manual trigger

0
votes

Platform: ionic 3

Objective:
For protected resources, there's a scope to protected with security checking with timeout.
Beside kicking out user when idling like 1 min, refresh login session(access token?) after each adapter call.
If better, can refresh login session with a call.

Finding:
Tried obtainAccessToken and insert that in WLResourceRequest.
To me, it just uses Remember Me Duration instead of Success State Expiration.
But after Remember Me Duration, it still logout without updating login session.

This is a duplicate of Mobilefirst 8.0 Session timeout implementation as there is no final solution.

Thanks for any help

1
ionic-frameworkionic3ibm-mobilefirstmobilefirst-adapters

1 Answers

1
votes

IBM MobileFirst released special type of token called Refresh token which can be used to obtain a new access token when the access token expires.The refresh tokens are long-lived tokens and remain valid for a longer duration of time compared to access tokens.

Enabling refresh tokens feature :

Refresh token feature can be enabled using the following properties on client side and server side respectively.

client-side property File name.: mfpclient.properties Property name: wlEnableRefreshToken Property value: true For example, wlEnableRefreshToken=true

server-side property File name: server.xml Property name: mfp.security.refreshtoken.enabled.apps Property value: application bundle id separated by ‘;’

For example,

        <jndiEntry jndiName="mfp/mfp.security.refreshtoken.enabled.apps" value='"com.sample.android.myapp1;com.sample.android.myapp2"'/>

Use different bundle ids for different platforms.

For more details, refer:Refresh token

NOTE: This feature available from from 8.0.0.0-MFPF-IF201711230641-CDUpdate-01 and only in Android ,soon this feature will be available for iOS as well.