Log out user after inactivity with JWT Access and Refresh tokens

I am implementing an authentication mechanism in a web application with Angular 2.

I am going to use JSON Web Tokens. Two types of token, an Access token (short-lived) and a Refresh token (long-lived), which are described here: https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/

I want to obtain the result which is common when sessions/cookies are used. After a period of user inactivity, the user is logged out. Which basically means that the browser displays the login page and, in the case of using JWT, the tokens are removed from browser localStorage or storage cookies.

I do not see a way to do this, relying only on Access and Refresh tokens.

When the Access token is expired (e.g. every 10 minutes), a new one is requested using the Refresh token (which expires every 8 hours). But what when the user is inactive for e.g. 1 hour? The Refresh token is still valid, so the next user interaction will cause a new Access token to be obtained and the user still can use the app.

Maybe there are some Angular2 or JavaScript mechanisms which, in case of user inactivity, perform some action or redirect to the login page?


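You can implement some client-side rules, i.e. whenever the access token is about to expire, redirect to the login page, or you can lock the user's screen and ask for the credentials to be entered again. See the features of angular2 JWT.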
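
One way to build the client-side rule discussed above, as an added example that is not part of the original question or answer: record the time of the last real user input and refuse to spend the refresh token once that timestamp is older than an idle limit. The storage key names, the 15-minute limit, and the names `IdleSession`, `watchBrowser` and `memoryStorage` are assumptions made for this sketch.

```javascript
// Added example (not from the original post). Storage key names, the
// 15-minute limit and all helper names are assumptions.
const IDLE_LIMIT_MS = 15 * 60 * 1000;
const KEYS = { access: 'access_token', refresh: 'refresh_token', last: 'last_activity' };

class IdleSession {
  constructor(storage, now = () => Date.now(), onLogout = () => {}) {
    Object.assign(this, { storage, now, onLogout }); // onLogout: e.g. go to the login route
  }
  // Call only from real user input, never from background HTTP polling.
  touch() { this.storage.setItem(KEYS.last, String(this.now())); }
  isIdle() {
    const last = Number(this.storage.getItem(KEYS.last));
    // A missing or unparsable timestamp counts as idle (fail closed).
    if (!Number.isFinite(last) || last <= 0) return true;
    return this.now() - last > IDLE_LIMIT_MS;
  }
  logout() {
    Object.values(KEYS).forEach((k) => this.storage.removeItem(k));
    this.onLogout();
  }
  // Gate in front of the refresh request: an idle user gets no new access token.
  async refreshIfActive(requestNewAccessToken) {
    const refresh = this.storage.getItem(KEYS.refresh);
    if (this.isIdle() || !refresh) {
      this.logout();
      return null;
    }
    const access = await requestNewAccessToken(refresh);
    this.storage.setItem(KEYS.access, access);
    return access;
  }
}

// Browser wiring (not executed outside a browser); activity in one tab counts for all.
function watchBrowser(session) {
  ['click', 'keydown', 'touchstart', 'scroll'].forEach((evt) =>
    window.addEventListener(evt, () => session.touch(), { passive: true }));
  return setInterval(() => { if (session.isIdle()) session.logout(); }, 30000);
}
// In-memory stand-in for localStorage so the class can be exercised offline.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

This only removes the tokens from the browser; a refresh token that was copied elsewhere stays valid until it expires. To enforce the idle window itself, the server has to track when each refresh token was last used and reject it after the limit.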
